IT execs such as Emcor CIO Joseph Puglisi are being selective about their technology investments. PAGE 5


Users at a Web services conference said they need 
middleware to help ease management complexity. PAGE 4 
Merchants Face Deadline For Data Safety

MasterCard, Visa impose new info security rules in effort to ease identity theft concerns

BY JAIKUMAR VIJAYAN

Companies that manage credit card information have just over a month to comply with new data-protection requirements being pushed by MasterCard International Inc. and Visa U.S.A. Inc. amid growing concerns about identity theft and fraud.

The Payment Card Industry Data Security Standard, or PCI, lists 12 items that retailers, online merchants, data processors and other businesses that handle credit card data will have to start meeting by June 1. The standard sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates such as the need to implement formal security policies and vulnerability management programs.

The standard also requires companies to validate their compliance via a PCI-certified assessor either annually or quarterly, depending on their

Credit Cards, page 16

Won’t Lead to IT Makeover

Archipelago Holdings Inc., marking the Big Board’s full embrace of e-trading.

But the deal — which coincided with a similar acquisition move by Nasdaq Stock Market Inc. — doesn’t mean the NYSE’s trading operations will get a rapid makeover via an influx of technology from

NYSE, page 16
Temporary CIOs are often brought in to fix messed-up IT departments - fast - before moving on. Find out what makes them tick. Page 39

BEAT THE CLOCK


Users Are Left Unclear About Microsoft’s Model Approach

Vendor pushes new management strategy

BY CAROL SLIWA
LAS VEGAS

Microsoft Corp. CEO Steve Ballmer proclaimed here last week that the software vendor’s 2-year-old Dynamic Systems Initiative has advanced from the vision stage to being “very, very real.”

But a dozen IT managers attending the Microsoft Management Summit were having a tough time getting their arms around the DSI strategy, which aims to help companies design and operate more manageable systems by making use of information about applications that is captured in models. The IT managers said they either don’t know what DSI is, are confused about the initiative or harbor skepticism about the model-based management approach that’s at its core.

“... good concept if it works — but so w... [and] it took them a few years to fix it,” said Jim Brown, a senior technical specialist at Minneapolis-based General Mills Inc.

Brown was referring to Systems Management Server,

Microsoft, page 51





Scholars & Barbarians

In the Management section: In his new book, What the Dormouse Said... , John Markoff examines the confluence of technology, politics and psychedelics that gave birth to the PC — and the continuing controversy over who owns information. Page 42

Ready for Trouble?

In the Technology section: Crisis management comes down to basics, say experienced users: Make a realistic disaster recovery plan and deploy the technology to make it work. And make sure the plan is quickly accessible to everyone in the organization. Page 25
Oracle plots a best-of-breed course for its Fusion application convergence project.

Web services users hope that enterprise service bus middleware will help them reduce management complexity.

Vendors’ mixed financial results for Q1 may reflect selective IT spending by users amid economic concerns.

A cybersecurity monitoring center formed as a public/private partnership launches a pilot project to track network intrusions and send information about them to the government.

Verizon releases software to integrate corporate voice and messaging services and to give remote workers control over communications.

Unisys announces a long-distance data replication and recovery system as the first part of an on-demand effort.

Global Dispatches: Amazon.com’s European IT services unit will provide e-commerce technology to a U.K. retailer; and Intel plants a Wi-Fi hot spot near the North Pole.

14 Advanced Micro Devices launches dual-core versions of its Opteron processors, but Dell sticks with Intel chips.

Q&A: Microsoft's Jim Allchin talks about his company’s Longhorn OS plans and the benefits of 64-bit computing.

TECHNOLOGY

28 Ghosts in the Machine. Virtual machines are being used by an increasing number of companies to help manage computing resources.

32 Future Watch: Staying Out in Front. At HP Labs, research runs the gamut from data center management tools to an architecture for the world’s tiniest computer.

34 Security Manager’s Journal: Firewall Request Gets Third Degree. Mathias Thurman must conduct due diligence before opening a firewall to let a partner company transfer data.

MANAGEMENT

39 Beat the Clock. Temporary CIOs face all the challenges of their permanent counterparts in a dramatically condensed time frame.

45 Career Watch. Answering a reader’s question about the value of certifications; a fund for the laid-off employees of PeopleSoft; and a wealth gap for knowledge workers.

6 On the Mark: Mark Hall reports that an appliance due late next month might help turn the tide in the battle against spyware.

20 Don Tennant takes a new look at the battle among Web browsers — a technology Bill Gates once described as “a trivial piece of software.”

20 Virginia Robbins knows how important it is to find the sweet spot for IT spending.

David Moschella thinks HP and its new CEO have to reinvigorate the company’s core product technology.

36 Douglas Schweitzer says that any IT security plan has to start with the basics — physical security — and he suggests some ways to improve it.

46 John Columbus warns that if you don’t have time to follow written standard processes, the minutes you save today may cost you time and dollars tomorrow.

52 Frankly Speaking: Frank Hayes says new legislation to reform the software patent process will be a gift to Microsoft. But it will also help the industry — and you.
The Appreciation Gap

IT MANAGEMENT: Columnist Esther Derby explains how to help employees feel better about their jobs using some simple appreciation techniques. QuickLink 53925

Safest Places on the Web

E-BUSINESS: Privacy columnist Jay Cline identifies 20 Web sites with the best privacy policies on the planet, based on their adherence to Europe’s “safe harbor” principles and other factors. QuickLink 53665

They Can’t Steal Data You Don’t Have

SECURITY: You can help beat data thieves by using effective data management — and that includes not saving what you no longer need, say two experts at Kroll Ontrack. QuickLink 53306

Log Management Tips

SECURITY: Whether building a logging tool or evaluating a log management product, there are at least five factors you should consider, says columnist Jian Zhen. QuickLink 53430

TV Challenges

STORAGE: Television presents unique storage bandwidth and delivery challenges. André Mendes of PBS discusses his organization’s approach to managing storage resources, in this free webcast. QuickLink a5710
Nasdaq to Adopt Instinet’s Engine

BY LUCAS MEARIAN

Nasdaq Stock Market Inc. said Friday that it will standardize on Instinet Group Inc.'s electronic trade-matching technology as part of its planned acquisition of New York-based Instinet for $934.5 million in cash.

“They have the leading [electronic trading] technology on the planet,” Nasdaq CEO Bob Greifeld said during a press conference Friday afternoon. He added that Instinet’s matching engine offers response times of about 5 milliseconds on incoming trade orders.

Greifeld said synergies between the Nasdaq and Instinet technology infrastructures are expected to result in an annual savings of $100 million in the first three years after the deal is completed. He didn’t disclose further details, saying only that Nasdaq has “a clear plan that fits into our existing road map.”

Nasdaq spent $107 million to develop its own SuperMontage electronic order display and execution system, which went live in 2002. The homegrown technology will in all likelihood be scrapped as a result of the Instinet deal, said Jodi Burns, an analyst at Celent Communications LLC in Boston.

But she added that when SuperMontage was developed, Nasdaq needed it to compete against electronic exchanges such as Instinet and Archipelago Holdings Inc., which is due to merge with New York Stock Exchange Inc. in another deal announced last week.

Compared with the technology integration issues that the NYSE and Archipelago face, Nasdaq's challenges in absorbing Instinet are much smaller, Burns said.

“In general, Nasdaq is planning to use the Inet order-matching system, but its own quote and trade-reporting system won't change,” she said.

Instinet’s electronic marketplace trades about 25% of the Nasdaq-listed volume daily. The acquisition agreement includes two side deals to sell off Instinet’s nontrading operations. Altogether, Instinet’s shareholders will receive $1.9 billion in cash. @ 53984
Oracle Promises Best-of-Breed Approach on App Convergence

Says its Fusion project will utilize key features from different software lines

BY MARC L. SONGINI
NEWTON, MASS.

ORACLE CORP. last week held a series of customer meetings to shed some light on its plan to converge four business application suites, and executives said the vendor will work closely with its various user groups to cull capabilities from each product line.

That should enable the company to craft something akin to a best-of-breed suite, according to Oracle Co-president Charles Phillips. He said at a meeting held here that Oracle will use a service-oriented architecture approach to turn pieces of applications into components, enabling it to mix and match functionality from the different products.

Phillips also said that while Oracle’s own database and middleware will be the default software stack for the converged Fusion applications, the company will certify infrastructure software from rival vendors in some cases. For instance, IBM’s DB2 database will continue to be supported for users of the AS/400-based J.D. Edwards World applications that Oracle inherited when it acquired PeopleSoft Inc. in January.

Oracle had already announced much of what was discussed last week. And with the Fusion road map still evolving, users interviewed at the event and via telephone posed a variety of yet-to-be-answered questions.

Robert Robinson, business systems supervisor at Durr Industries Inc., a Plymouth, Mich.-based automotive supplier that runs the J.D. Edwards EnterpriseOne software for midsize companies, said he’s curious about how much input users will really have in “building this new beast.”

Robinson also questioned how much Oracle will enhance its current applications while developing the converged product line. “The smart user will trust what’s being said but verify,” he noted. “And we cannot verify until we hit [product rollout] mileposts.”

Another user with questions is William Gabby, North American operations manager at Cargill Inc.’s Global Financial Solutions business unit in Minnetonka, Minn. Gabby, a World user, said he wants to know if there is “a future for any of the existing product lines, or will the only option be Fusion?”

Underlying Fusion technology is due to start appearing this year, and Oracle plans to deliver the converged applications in 2008. But Phillips and John Wookey, Oracle’s senior vice president of applications, reiterated that the applications Oracle acquired when it bought PeopleSoft will be supported through at least 2013.

“I’m optimistic about the process that’s being undertaken by Oracle,” said James Whalen, CIO at Boston Properties Inc., a real estate development and management company in Boston. Whalen, the president of the PeopleSoft International Customer Advisory Board, was a member of a user panel at the Oracle event. He said he expects Fusion to provide an improved application platform for users when it’s completed.

Doug Rademacher, another panelist, is CIO at American Power Conversion Corp., a West Kingston, R.I.-based manufacturer that runs Oracle’s E-Business Suite 11i applications.

“As an Oracle user, I’m not that concerned,” he said. “My question is, What do I get out of [Fusion], and will Oracle be distracted?”

But Rademacher added that, like Whalen, he’s optimistic about the outcome of the convergence effort. @ 53948

No Forced March to Fusion for Users, Oracle Says

NEWTON, MASS.

CHARLES PHILLIPS, one of Oracle’s co-presidents, stressed at last week's customer meeting here that Fusion encompasses more than a single product and that the rollout of the modular, Java-based applications will be an evolutionary process with no forced-march migrations for users.

As part of the Fusion project, Oracle plans to mix business process automation technology with business intelligence tools to allow a company using its software to see, for instance, whether a supplier was able to deliver an item on time in recent transactions.

As another example of what Oracle hopes to accomplish with Fusion, John Wookey, the vendor’s senior vice president of applications, pointed to a compensation tool in its E-Business Suite 11i software. The tool lets users manage employee compensation, including bonuses and stock options, and is similar to technology that PeopleSoft was working on before it was bought by Oracle.

Using service-oriented architecture tools, Oracle may enable PeopleSoft Enterprise users to exploit the 11i compensation management tool without having to scrap their investments in PeopleSoft’s human resources software, Wookey said.

Oracle has also said that it will allow customers to skip software versions when doing upgrades. A company could be several releases behind the most current version of an application but move directly to the latest one, a process that will continue with Fusion.

Among the most outspoken users have been J.D. Edwards World customers, whose green-screen applications run on IBM's AS/400 systems. Phillips said Oracle remains “committed for the foreseeable future” to World, continues to sell licenses for it and is even considering adding CRM functionality.

Phillips added that Oracle has issued a playbook to help guide its salespeople on all of the company’s myriad products during meetings with prospective customers.

- Marc L. Songini
Web Services Users Seek Help From Middleware

Pin hopes for reduced complexity on use of enterprise service bus technology

BY HEATHER HAVENSTEIN
LOS ANGELES

As companies increase their use of Web services to integrate existing applications and build new ones, many are eyeing enterprise service bus (ESB) middleware technology to help reduce their management and routing burdens.

Nine IT managers at Gartner Inc.'s Application Integration and Web Services Summit here last week said they hope that ESBs will ease the complexity and cost of making Web services widely available across their systems.

For example, Ashiq Zaman, manager of the Kentucky state government’s Office of Technology, said he wants to invest in ESB technology to help manage the commonwealth’s Web services. The Web services expose data from back-end revenue and transportation systems running on mainframes to outward-facing Web applications based on .Net and Java. Kentucky residents can use the Web applications to pay taxes or renew their driver’s licenses online.

“This will open new possibilities for us,” Zaman said, adding that putting an ESB in between the different applications would also enable the state’s IT staffers to better manage the process of modifying the Web services.

Technology Options

An ESB typically encompasses messaging technology like the Java Message Service or IBM’s MQSeries middleware and supports Web services standards for transforming data formats, binding Web services together and routing them without having to write code to change interfaces.

“You want something in the middle that can translate and be transport-independent,” said Gartner analyst Roy Schulte. He added, though, that one of the biggest challenges is choosing the right ESB product.

Pure-play ESB vendors such as Sonic Software Corp. and Cape Clear Software Inc. are best for companies that plan to use a variety of application servers, because they’re designed to be vendor-neutral, Schulte said. The ESB offerings from vendors such as IBM and Oracle Corp. are best suited for users that are predominantly relying on their application servers, he said.

James Law, an applications programmer at the University of Michigan Health System in Ann Arbor, said the health care organization has just begun using Web services standards for integration purposes. But he believes that an ESB could help lower management costs because application and system-to-system messaging could be managed from one software stack. “Now we have messaging in one place and the application infrastructure in a separate silo,” Law said.

Chicago-based Health Care Service Corp., an insurance company that operates Blue Cross and Blue Shield divisions in Illinois, Texas and New Mexico, is looking for ESB middleware to handle the routing of a growing stable of Web services that automate tasks for health care providers, such as looking up the benefits provided by various plans. Bob Holzer, a solution architect at the insurer, said that using an ESB to make Web services more widely available would help eradicate some of the current duplication of work by developers in different parts of the company.

Vendors are stepping up their efforts to meet the demand for ESB products. For example, IBM last week unveiled WebSphereMQ Version 6, which was designed to let users create ESBs from a single Eclipse-based workbench. In addition, users can now more easily turn MQSeries messages into Web services, said Scott Cosby, IBM’s WebSphere product director. The new software is due for general release on May 24. @ 53953

Economic Concerns Lead To Selective IT Spending

BY THOMAS HOFFMAN

The weak financial results reported for the first quarter by some technology vendors, including IBM and Sun Microsystems Inc., suggested that corporate users might be pulling back on their discretionary IT spending.

But other major vendors had strong quarters. And while some IT executives last week confirmed that economic uncertainties have led them to postpone some systems upgrades and new IT investments, other users and analysts said the current pattern is more indicative of a spending “microclimate” in which companies are simply being more selective about their technology spending.

“Our company is in an industry that’s a lagging indicator of the economy, so we’re kind of laying back” on making new IT investments, said Joseph Puglisi, CIO at Emcor Group Inc., a Norwalk, Conn.-based mechanical and electrical systems contractor.

Although Emcor continues to expand its use of Oracle Corp.’s OneWorld XE ERP software and has just launched an identity management project to boost its IT security, “we’re not ready to undertake any major programs for the time being,” Puglisi said. “We're just doing what’s needed and making investments where there’s clear returns.”

One company that has throttled down its IT spending in response to renewed economic concerns is pharmaceutical maker Wyeth. Even though the Madison, N.J.-based company last week reported 44% profit growth year over year for the first quarter, it has decided to postpone its PC and server replacement plans for this year “due to the overall financial environment,” said CIO Bruce Fadem.

Wyeth normally replaces its PCs every three years and upgrades its servers every three to five years, according to Fadem. “We've pushed them all out another year for the time being,” he said.

Ian Campbell, CEO of Nucleus Research Inc. in Wellesley, Mass., said he doesn’t expect many companies to reduce their IT budgets as a result of the current economic instability.

But Campbell added that he is seeing a shift away from committing tens of millions of dollars to large IT projects in favor of emphasizing smaller-scale deployments that can deliver more-focused returns on investment.

Howard Rubin, an analyst at Gartner Inc., said he has observed increased IT spending by companies this year in areas such as security and storage technologies that are needed to support Sarbanes-Oxley Act compliance initiatives. But that isn’t enough to end the four-year run of sluggish IT spending, he added.

With uneven economic growth overall, “companies will be as frugal as they need to be with IT spending,” Rubin said. “It’s not a happy time.”

Of course, IT spending varies from one company to another. At Schneider National Inc., for example, spending is up 15% year over year, said Bob Grawien, vice president of application development and business intelligence at the Green Bay, Wis.-based transportation provider. Grawien said the increase is being driven by a mix of internally developed systems and new implementations of off-the-shelf software. @ 53935
U.S. Land Agency Shutters Web Site

The Bureau of Land Management has again shut down its Web site because of concerns about the security of its IT systems. A spokeswoman for the BLM said that the site was turned off April 8 after a systems audit by the U.S. Department of the Interior’s inspector general “revealed potential weaknesses.” She declined to say when the agency expects to restore the Web site, which has been shut down several times since late 2001.

Cisco Pushes Back Against Juniper

Responding to gains by rival Juniper Networks Inc. in the market for carrier-class networking equipment, Cisco Systems Inc. said the XR version of its routing software will become available on its 12000 Series routers in June. The XR software currently supports only Cisco’s high-end CRS-1 systems. Cisco is also upgrading the software that runs on its 7600 Series routers.

Microsoft to Tie IM To Mobile Devices

Microsoft Corp. announced plans to extend its Live Communications Server 2005 instant messaging and collaboration software to mobile devices, via a Windows Mobile-based client that’s due for beta-testing in the second half of the year. Microsoft said the mobile software's user interface will be similar to the one in Office Communicator 2005, the PC messaging client for LCS.

Short Takes

A U.S. judge in Baltimore dismissed a lawsuit filed against MICROSOFT by several California cities and counties but gave them permission to amend the antitrust portion of their claims. . . . MCI INC. last week pledged to restore network services to users within 3.5 hours of a failure.
HOT TECHNOLOGY TRENDS, NEW PRODUCT NEWS AND INDUSTRY BUZZ BY MARK HALL

Tenacious Spyware Slips Past . . .

. . . defenses offered by current technologies. Most anti-spyware tools apply a range of protections, such as URL filtering or signature analysis, but they catch less than 40% of the spyware that sneaks onto corporate computers, according to tests reported on Spyware Warrior.net. The study, done last fall, showed that even the best scanners overlook more than one-fourth of the spyware on PCs. Blue Coat Systems Inc. in Sunnyvale, Calif., claims that its upcoming Spyware Interceptor appliance can dramatically improve your defense efforts. Chris Harget, a Blue Coat product manager, says the company has already surveyed 7.3 million Web sites to determine which ones carry spyware, be it knowingly or unknowingly. Blue Coat’s engineers found “tens and tens of thousands of sites” rife with the pesky programs, Harget says. Interceptor will let end users navigate to a spyware-tainted site but doesn’t allow the malware to slip through to their computers. It also recognizes when executable code has been hidden in a nonexecutable file such as a JPEG and stops the nefarious program from firing up. And because mobile users often pick up spyware outside the corporate network, Interceptor can stop the performance-sucking programs from contacting their home Web sites to report on what they have learned from infected machines. The appliance can handle 100 to 1,000 PCs on a network and is priced at $2,295, plus a subscription fee that starts at $695 for 100 users. It’s due to ship on May 31.

67%: IDC's estimate of [illegible] with spyware.

Predict an application’s performance. . .

. . . before you unleash it on your network. Software modeling technology that HyPerformix Inc. in Austin plans to release this week promises to help IT managers “predict the impact of change” that a new application will bring to a network, says CEO Noel Barnard. She notes that the Performance Designer tool can predict response times from an end user’s perspective by applying more than 1,700 templates of the possible infrastructure configurations that applications will work within. You pick the appropriate template and run your code through its paces in a virtual IT world. Companies engaged in application consolidation work will particularly benefit, Barnard claims. Pricing starts at $100,000.

Track VoIP performance in real time. . .

. . . to determine where the hang-ups are. With the ClearSight Distributed Analyzer, you can literally watch how your end users’ voice-over-IP conversations are going. “The real-time flow of conversation views are broken down into a time-ladder diagram,” says Bill Berkman, CEO of ClearSight Networks Inc. in Fremont, Calif. He means that the diagram visualizes step by step how data packets move across the wire. A technician can even replay conversations to analyze faulty VoIP connections. The $6,500 software, available this week, can also analyze security protocols such as Kerberos and decode IPv6 packets.

Application availability is all about. . .

. . . money, ultimately. So later this quarter, Fidelia Technology Inc. in Princeton, N.J., will update its NetVigil Containers software to estimate the direct financial cost of down or debilitated applications. Fidelia President Vikas Aggarwal says NetVigil lets you create so-called application containers that include all aspects of your IT infrastructure — network availability, database response time, server CPU utilization and more. Fidelia’s Data Gathering Engines keep track of the performance and availability of up to 1,000 devices apiece and feed the data into your containers. At a glance, a sysadmin can see whether there’s a problem and where it originated. In the upcoming release, NetVigil will let you apply monetary values to each container. Aggarwal says that knowing the true cost of troubled apps will help IT “prioritize which applications are more important and which ones to fix first.” Or, perhaps admins will ask their chief financial officers to set the priorities. Pricing for NetVigil starts at $40,000.

Telecommuter PCs down? No problem. . .

. . . so long as it’s the first week of August. The Branford, Conn.-based PC-Turnoff Organization is urging families to turn off their home computers from Aug. 1-7 this year. “Overuse of the computer shares many of the same negative effects of too much television,” the group claims. Such as? Creating fat kids who sit around all day sipping Jolt and munching Twinkies while mousing their way to unsavory areas of the Web. Noble idea or nonsense? Can’t say. But the real question is: Will corporate IT declare a PC-Turnoff Week? Please? @ 53908
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Cybersecurity Monitoring
Center Begins Pilot Project

Sensors on corporate networks will
track intrusions, forward data to feds

BY TODD R. WEISS
PHILADELPHIA

A CYBERSECURITY monitoring organization that was set up two years ago as part of a private/public partnership opened its operations center at the University of Pennsylvania last week and said it has launched a pilot project involving about 30 companies.

The Cyber Incident Detection Data Analysis Center (CIDDAC) will install specially built sensor devices on the networks of participating companies. The sensors will automatically report attacks to CIDDAC, which will evaluate the intrusion data and pass it on to law enforcement agencies and the participating companies without identifying the one that was attacked.

Charles “Buck” Fleming, executive director of CIDDAC, said companies that are victims of IT security attacks aren't always willing to share their information with the government.

“Companies don’t want the FBI looking at their information, even if they’re not doing something wrong,” he said. “Privacy, trust and anonymity are absolute essentials for the private sector to participate. And without the private sector, there is no program.”

The initial 30 participants, which aren’t being identified for security reasons, will pay about $10,000 each for the installation of the sensors plus one year of monitoring and incident reports.

John Chesson, a special agent at the FBI in Philadelphia, said the sensors are “hardened honeypots” that aren’t connected to any actual corporate systems but appear to intruders to be just another machine on a network.

Brian Schaeffer, a member of CIDDAC’s board and the chief technology officer at Liberty Bell Bank in Cherry Hill, N.J., said he thinks that the new program adds an important weapon for defending systems against attacks.

Schaeffer said intrusion data is currently collected on a company-by-company basis, making it less useful in cases of large-scale attacks. “If I can get some intelligence on another financial institution and how they are being attacked and what they are doing to defend themselves, that’s more likely to help me,” he said.

According to CIDDAC, law enforcement officials will be able to use the intrusion data to compile attack signatures, which could help investigators identify and neutralize cybersecurity threats more quickly. Shawn Henry, an assistant special agent at the FBI, said enforcement agencies also hope to use the data to prevent future attacks instead of just reacting to incidents.

Fleming said CIDDAC expects to be fully operational by year’s end. The pilot project, which has been in the planning stages for two years, is being funded through a $200,000 grant from the U.S. Department of Homeland Security and is getting support from the FBI. @ 53957


Security Forum’s Demise
Doesn't End Call for Help

PRIVATE-SECTOR participation remains key to fostering better IT security practices in federal agencies. That's the verdict from both sides in the wake of a decision earlier this month to pull the plug on the CISO Exchange, a forum that was set up in February to promote information sharing between private-sector security

the exchange’s abrupt demise, federal chief information security officers shouldn't pull back from working with corporate security professionals - including those who work at vendors.

One example in which such participation has yielded substantial benefits is the widely used Common Vulnerabilities and Exposures database, which is maintained by The Mitre Corp. in partnership with the govern-

The CISO Exchange was the right idea with the wrong approach, said Forrester Research Inc. analyst Michael Rasmussen. He added that the focus should instead be on enabling information sharing between government CISOs and their corporate counterparts.

The exchange was created in response to the dismal overall showing by federal agencies on the 2004 computer security report card released by the House Government Reform Committee in February [QuickLink 52707]. U.S. Rep. Tom Davis (R-Va.), who is chairman of the Government Reform Committee, said when he announced the formation of the CISO Exchange that it would help agencies boost their security grades.

But a spokesman for Davis said the membership fees that vendors would pay to fund the exchange raised concerns about its propriety.

“It evolved in a way that he neither anticipated nor was comfortable with,” leading Davis to


Verizon Software Links
Voice, Messaging

iobi Enterprise

Verizon Communications Inc.

■ PRODUCT SUMMARY: Verizon last week announced an enterprise version of software that lets users receive phone calls, e-mail and instant messages through a single Web-based portal. The iobi Enterprise tools give workers real-time remote control of phone traffic, messaging alerts and other communications capabilities. For example, users who are away from their offices can check calls and forward the ones they want to take to devices that are within their reach.

The software can be accessed through a PC client, Web browser or voice portal and initially is aimed at companies that use Centrex voice services. Support for private branch exchange systems will be added later this year.

Verizon rolled out iobi offerings for home and small-business users last August, but it took longer than expected to release the enterprise version because it needed more-robust capabilities, said Ian Forrest, manager of iobi Enterprise services.

■ USER EXPERIENCE: Neal Sturm, CIO at Fairleigh Dickinson University in Teaneck, N.J., has beta-tested iobi Enterprise for the past year, and about 30 of his IT staffers have been using it for the past 90 days. He said he likes the flexibility that the software gives him.

“I'm the kind of person, like most technology people, who enjoys having the ability to be in contact with people and also to control that contact,” Sturm said. He noted that he can put people he needs to speak with on an exceptions list that iobi Enterprise uses to immediately put their calls through, while less-important calls and messages are routed to co-workers or into voice mail.

■ ANALYST ASSESSMENT: Wu Zhou, an analyst at IDC in Framingham, Mass., said iobi Enterprise has potential because it lets companies use existing copper phone lines and telecommunications infrastructures. The challenge for Verizon will be to convince corporate users that the software has benefits beyond how cool it is to techies, she added. “They have to hunker down and figure out how they can communicate this to [prospective users],” Zhou said.

■ OTHER VENDORS IN THE MARKET: Siemens Information and Communication Networks Inc., Mitel Networks Corp. and Nortel Networks Ltd.

■ PRICING: $7 to $8 per user on a monthly basis.

■ AVAILABILITY: iobi Enterprise is available now from Virginia to Maine, where Verizon provides Centrex services. It will be offered in additional areas later this year.
@ 53926
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QUESTION: IS SWITCHING FROM THE STATUS QUO 
A STICKY SUBJECT INSIDE YOUR ENTERPRISE? 
READ ON, THEN LEAD AN ENTERPRISE-WIDE 
CHANGE FOR THE BETTER. 


Simply Juniper your net and change complex legacy configurations into 
clean-slate convenience. Our comprehensive solutions deliver unprecedented 


heights of speed, unbelievable depth of processing, unsurpassed security 


> LEADING THE WAY WITH SECURE, ASSURED NETWORKING, ONLY JUNIPER. 
Security, with assured performance. Juniper's promise, and a unique, industry-altering 
brand of networking. Secure & Assured Networking is application-driven: End-to-end 
network control, with guaranteed application delivery and performance — network wide. 
It's ceaseless security assessment: Deep inspection firewalls, Intrusion Detection 
and Prevention, as well as application-aware remote access SSL VPNs. It’s certain 
performance: Predictability through high-availability and platform stability — all via 
scalable platforms. Just because users have access doesn’t mean they should 
have the run of your resources — that’s Secure & Assured Networking. 


Juniper means security and assurance legacy players can’t emulate, only envy. 
Because it’s impossible to bolt onto their antiquated hardware what’s built into our 
innovative software. Juniper architecture creates incredibly scalable solutions, helping 
eliminate downtime, upgrades and workarounds while improving speed, reliability 
and performance. That’s how a Juniper network thrives in the most demanding 
conditions, allowing customers to build and run networks in the harshest, most 
competitive environments — so forge ahead and fear not. 


> A LEADER FOR BRAND LEADERS, IT’S JUNIPER. 
Juniper's carrier-class performance, intelligence and security — once available only 
to SPs — is here for your enterprise. That’s why we’re the recognized leader, and 
the preferred brand of mission-critical, industry-defining entities. Trusted 
the largest firms on Wall Street, the leading enterprises demanding 
perfect performance, the most vigilant government agencies on 
worldwide watch to, count ‘em, 25 of the top 25 service providers. 


> LEAD THE WAY, WITH JUNIPER. 
Need more help convincing your enterprise to leave 


papers, clear competitive advantages and the 
networking news you need. And get it here: 
http://www.juniper.net/solutions/literature/ 


www.juniper.net 
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CNN has dubbed him a modern-day James Bond. 
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Ira Winkler has heisted nuclear reactor designs, 
taken over banks, and stolen billions of dollars— 
all to help organizations seal security breaches. 


Now, this former National Security Agency 
undercover analyst helps you adapt the security 
measures of intelligence agencies in order to defend 

your systems against such threats as script 
kiddies, foreign intelligence operatives, cyber- 
terrorists, and worst of all, your trusted insiders. 


If Spies Among Us reads like an espionage 
exposé, that’s only because it is. 


Praise for Spies Among Us 


“Ira Winkler stands out because he’s the real 
deal: a guy with a resume of companies 
he’s broken into and identities he’s stolen in 
his job as a security and intelligence expert. 

He reveals the top threats to our personal 
and national security, with lots of straight- 
forward advice on how to protect yourself. 
If you’ve got a social security number, 
you need to read this book whether 
you're a CEO or a grandmother.” 
—SOLEDAD O'BRIEN, CNN 


) WILEY 


Now you know. 


wiley.com 





10 


COMPUTERWORLD April 25, 2005 


NEWS 


www.computerworld.com 





Adobe Agrees to 
Buy Macromedia 


Adobe Systems Inc. said it plans 
to buy San Francisco-based 
Macromedia Inc. in a stock-swap 
deal that will give Adobe control 
of technologies such as Flash, 
Dreamweaver and ColdFusion. 
Analysts said the acquisition will 
position San Jose-based Adobe to 
compete against Microsoft Corp. 
in areas such as document man- 
agement and the development of 
rich-media applications. 


Lucent Merges Its 
Product Operations 


Lucent Technologies Inc. said 
that its wireless and fixed-line 
network equipment units are be- 
ing combined into a single group. 
“The greatest near-term opportu- 
nity is wireless,” Lucent CEO Pa- 
tricia Russo said, adding that the 
market for fixed-line gear remains 
challenging. Murray Hill, N.J.- 
based Lucent reported a 6% 
revenue increase year over year 
for the first quarter. 


WRQ, Attachmate 
To Be Combined 


The investment group that bought 
Seattle-based WRQ Inc. in De- 
cember said it plans to buy Belle- 
vue, Wash.-based Attachmate 
Corp. and merge the rival vendors 
of software for accessing legacy 
applications. The combined com- 
pany will have annual revenue of 
more than $200 million and be 
headed by Jeff Hawn, who now is 
WRQ's chairman. Financial terms 
weren't disclosed. 


Short Takes 


The MOZILLA FOUNDATION has 
updated the Firefox Web browser 
in an effort to plug nine security 
holes, three of which were rated 
“critical.” . . . SIEBEL SYSTEMS 
INC. will pay new CEO George 
Shaheen an annual salary of 

$1 million, the same amount it 
was paying ousted top executive 
J. Michael Lawrie. 





Unisys Offers Long-Distance Fail-over 


Rollout launches
on-demand effort


BY PATRICK THIBODEAU
UNISYS CORP. last
week released a
business continuity
system for its Intel-
based ES7000 Windows
servers, saying that the tech-
nology will allow fail-over to a
backup site thousands of miles
away and recovery within 30
minutes.

The system, called Safe- 
Guard 30m, is the first in a se- 
ries of offerings that Unisys of- 
ficials said will be released in 
the coming months under the 
company’s broad Real-Time 
Infrastructure initiative, also 
announced last week. RTI, 
which is philosophically simi- 
lar to the on-demand and 
adaptive computing concepts 
advocated by other IT ven- 
dors, will include tools for 
infrastructure management, 
consolidation, modeling and 
migration. 

SafeGuard 30m leverages 
Microsoft Corp.’s clustering 
software, but Unisys added its 
own software and hardware to 
create a turnkey system in- 
tended to address one of the 
challenges of long-distance 
data replication. 

Business continuity systems 
often use synchronous data 
transfers at the disaster recov- 
ery site, but network latency 
limits synchronous transfer 
distances to about 300 kilome- 
ters, or 186 miles. Unisys said 
its approach also permits 
asynchronous transfers that 
mitigate data loss over long 
distances by adding disk-writ- 
ing appliances and monitoring 
capabilities. Depending on the 
size of the deployment, Safe- 
Guard 30m costs $200,000 to 
$1.2 million, Unisys said. 


SafeGuard 30m

WHAT IT OFFERS: Recovery of information in less than 30 minutes and support for long-distance data replication.

RIGHT NOW: The disaster recovery product is limited to ES7000 servers and Windows.

UPCOMING: Support for other Intel-based boxes and Linux (no timetable specified).


Fast Enough

One ES7000 user, Larry Godec, CIO at First American Title Insurance Co., said he’s already using EMC Corp.'s Symmetrix Remote Data Facility software to replicate data from First American’s headquarters in Santa Ana, Calif. to a data center in Dallas. EMC’s technology also supports both synchronous and asynchronous replication. “I’m not sure how Unisys could offer anything faster,” Godec said.

Unisys said the RTI suite will include features such as dynamic provisioning and virtualization. But what Larry Mueller, director of information systems operations for the Montebello Unified School District in California, really wants is for Unisys to improve the vertical scalability of the ES7000, which he runs with 16 processors.

Mueller said multiple applications running on one instance of Windows Server 2003 Datacenter Edition sometimes conflict. That forces him to separate the applications into partitions and run another instance of the operating system

The RTI road map doesn’t include the huge installed base of the vendor's older product lines. But separately, Unisys has an ongoing effort to help users modernize their ClearPath mainframe systems, which run the OS 2200 and MCP operating systems.

Greg Schweizer, a lead developer and systems administrator at Oregonian Publishing Co. in Portland, is upgrading the newspaper’s ClearPath-based circulation system by adding a Unisys middleware layer and Web server to deliver the application to browsers. The project reduces costs, he said, because instead of the company paying for dedicated terminals and phone lines, circulation workers can access the system over any Internet connection.


MORE THIS ISSUE
Get 10 tips for improving your disaster recovery plan. Page 26


Unisys officials 
have promised that 
the company will 
continue to support 
its legacy systems, 
and Schweizer said he believes 
that will be the case. But he ex- 
pressed concern about the 
company’s financial perfor- 
mance: Unisys this month re- 
ported a first-quarter net loss 
of $45.5 million, as revenue fell 
7% year over year. @ 53951 


Unisys Takes Turnkey Approach, Exec Says 


LEO DAIUTO, president of sys- 
tems and technology at Unisys, 
spoke with Computerworld last 
week about the company’s Real- 
Time Infrastructure initiative and 
its overall technology direction. 
Excerpts follow: 


Many enterprise ven-
dors are pushing a
technology approach
similar to RTI. How do
you distinguish your-
self from Hewlett-
Packard, Sun Mi-
crosystems, IBM and
some of the other ven-
dors? In general, there’s
no doubt that HP, IBM
and ourselves are all playing in
the same market. What we think
we're doing to separate our-
selves a little bit differently is
we're also going to introduce a
new series of products that we
believe will allow customers to
save time and money in solving
some of their problems - by tak-
ing the technology that we have,
some from third parties, integrat-
ing it and testing it, and really
pointing it at a specific IT prob-
lem, and having it set up and
running in a couple of weeks.


Is that more of an out-of-box,
set-it-up-yourself approach?
Take, for instance, the 
SafeGuard 30m. The idea 
is that it's a turnkey solu- 
tion. It's comprised of 
hardware, software and 
services, to a point, to 
make this a viable product. 
We're trying to get this to 
be more of a high-volume, 
simplified solution. 


The RTI initiative 
seems to be largely built 
around Microsoft's software 
and your ES7000 servers. 
What are you doing for users 
of your ClearPath systems? 
That's a whole different market 
and different [user] base. Our 
primary effort in the ClearPath 
space is an overall moderniza- 
tion program. With our most re- 
cent introduction of J2EE capa- 


bilities for ClearPath, it actually 
allows a native J2EE program to 
run on MCP and OS 2200. 


What's the future of the MCP 
operating system? MCP, as 
well as OS 2200, really just be- 
comes core code running a vari- 
ety of applications while inte- 
grating in with the open aspects 
of Linux as well as Windows. It 
really just becomes an OS within 
an OS. The future is to keep the 
benefits that we have in MCP 
and use that to differentiate our- 
selves in the world while we sur- 
round that with all the open as- 
pects so it doesn’t look like it’s 
locked in like an old mainframe. 


Is there an end-of-life road 
map looming for MCP? No - 
don't see it at all. 

~ Patrick Thibodeau 


Go to our Web site for the full 

interview with Leo Daiuto: 
QuickLink 53881 
www.computerworld.com 
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Amazon, U.K. Retailer 


Cut E-commerce Deal 

AMAZON SERVICES EUROPE SARL,
Amazon.com Inc.’s new European

IT services unit in Luxembourg, 
last week announced that it will pro- 
vide e-commerce technology and host- 
ing services to London-based Marks 
and Spencer PLC, one of the U.K.’s 
largest retailers. 

Amazon.com provides similar ser- 
vices in the U.S. to retail Web sites 
such as Target.com, Toysrus.com and 
Borders.com. Amazon Services Europe 
will provide the technology behind the 
Marks and Spencer Web site as well as 
its in-store, telephone and customer 
service systems. Financial terms of the 
deal weren’t disclosed. 

Marks and Spencer’s 
existing Web site gets 
more than 24 million 
visits per year, “but our 
e-commerce and cus- 
tomer ordering capabili- 
ties have yet to reach 
their full potential,” 
Steven Sharp, the retail- 
er’s director of marketing 
and e-commerce, said in 
a statement. The first 



An International 
IT News Digest 


with Amazon is expected to produce
an integrated ordering service by mid-
2006 for in-store, online and telephone
channels, the two companies said.


Wi-Fi Hot Spot Placed
Near the North Pole


LONDON

TWO EMPLOYEES from Intel Corp.’s
Moscow office have installed

what may be the world’s most 
northerly Wi-Fi hot spot, 130 kilome- 
ters from the North Pole, the company 
announced on April 14. The hot spot 
was deployed in the Arctic region’s 
Barneo camp, a temporary tent com- 
plex for scientists and expeditions 
that’s located on a drifting block of ice 
at the 89th parallel north. 

The Intel employees 
put an 802.11b/g access 
point inside the camp’s 
headquarters and set up 
a wireless LAN using 
four laptops equipped 
with the company’s 
Centrino mobile tech- 
nology. One of the lap- 
tops was placed outside 
and connected to a satel- 
lite phone to provide In- 





The equipment survived the cold —
the air temperature at the camp rarely
rises above -30 degrees Celsius — and
worked reliably, according to Intel in-
staller Vsevolod Sementsov. The main
problems were short battery life and
what Sementsov described as “back-
seat drivers.”
■ SCARLET PRUITT, IDG NEWS SERVICE


Munich Taps Debian
Linux for Desktops


DUSSELDORF, GERMANY

THE CITY OF MUNICH announced
on April 15 that it will use the free

Debian distribution of Linux in- 
stead of a commercial version for its 
move from Windows NT to the open- 
source operating system on 14,000 
desktop PCs. 

The municipality selected Softcon 
AG and Gonicus GmbH, two German 
IT services firms that submitted a joint 
bid, to install and support the Debian 
software. The so-called LiMux project 
is expected to be completed by the end 
of 2008. 

There was a high level of participa- 
tion in the bid process, which showed 
that Linux on the desktop is no “exotic 
solution,” said Peter Hofmann, LiMux 
project manager at the Munich govern- 
ment’s data processing center, in a 
statement. @ 53900 
■ JOHN BLAU, IDG NEWS SERVICE 


Briefly Noted 


IBM, which reported disappointing 
first-quarter results [QuickLink 
53834], is expected to announce a 
major restructuring in Europe by the 
end of June. That will include laying 
off thousands of employees, closing 
certain operations in Western Eu- 
rope and moving some operations 
to Eastern Europe, according to 
sources familiar with the plan. IBM 
officials declined to discuss details 
of the expected restructuring. 

■ LAURA ROHDE, IDG NEWS SERVICE 


Fujitsu Services Ltd., based in 
London, earlier this month an- 
nounced that it won a £170 million 
contract ($326 million U.S.) to 
manage desktop computing support 
for more than 70,000 employees at 
U.K. banking company Lloyds TSB 
Group PLC. Under the five-year 
deal, the bank will transfer 300 IT 
staffers to Fujitsu. 


Hewlett-Packard Co. said that 

it plans to invest $50 million in a 
business process outsourcing cen- 
ter in Wroclaw, Poland. The center 
will open this week. 

■ SCARLET PRUITT, IDG NEWS SERVICE 
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Opteron Goes Dual-Core, 
But Dell Still Isn’t Buying 


BY TOM KRAZIT 
Advanced Micro Devices Inc. 
last week again beat Intel 
Corp. to market with cutting- 
edge technology, announcing 
two series of Opteron CPUs 
with a pair of processing cores 
on a single chip. But while 
Hewlett-Packard Co., IBM and 
Sun Microsystems Inc. said 
they plan to use the dual-core 
devices in servers, Dell Inc. 
remains an Opteron holdout. 
During a meeting with fi- 
nancial analysts in Austin ear- 
lier this month, Dell execu- 
tives reiterated that the com- 
pany plans to remain an Intel- 
only vendor, at least for now. 
Dell flirted with AMD last 
year, as Intel foundered with 
manufacturing missteps and 





product road map detours. But 
Intel has stabilized its chip de- 
velopment plans since last No- 
vember, according to analysts, 

and Dell has eased back on its 

AMD-friendly rhetoric. 

Jeff Clarke, senior vice pres- 
ident in charge of Dell’s enter- 
prise products, said in an in- 
terview with Computerworld 
in February that the company 
was standing by Intel on proc- 
essors [QuickLink 52665]. At 
the analyst meeting this month, 
Clarke noted that Dell had 
seen only “marginal increases” 
in demand for AMD’s chips 
from customers. 

University of Buffalo profes- 
sor Russ Miller, who runs the 
school’s Center for Computing 
Research, cited problems with 





the bus architecture design
for Intel’s upcoming dual-core
Xeon processors as one reason
why Opteron is an alluring op-
tion for high-performance
computing users as well as
some business customers. The
Intel chips will share a bus
connection to the memory in
servers, which could affect
performance on applications
that require fast shuffling of
data to and from memory.

Miller said that in conversa- 
tions with Chairman Michael 
Dell and other Dell executives, 
he has expressed his satisfac- 
tion with the company’s engi- 
neering and sales teams. But 
he also told them of his desire 
for an Opteron-based server 
from Dell. “We don’t see an 
option from Dell,” Miller said. 
“But we know this is impor- 
tant to our industry.” 

Intel isn’t expected to re- 
lease its dual-core Xeon 





processor until early 2006.
However, Dell executives not-
ed that adopting AMD as a
supplier would increase the
computer maker’s operating
costs because it would need to
set up new development and
testing teams. Using Opteron
also could affect the pricing
deals that Dell gets from Intel


Pairing Up 


IBM said it will use the new 
Opteron devices in its eServer 
326 system and its Intelli- 
Station A-Pro workstation. 
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in return for its fidelity. 

“If Dell were to offer 
[Opteron systems], that’d be 
great,” said Chris Ruffieux, 
vice president of technology 
at Gannett Media Technolo- 
gies International in Norfolk, 
Va. “But if it’s going to cause 
the prices of other things I’m 
buying from Dell to go up, I'd 
rather have it stay the same.” 

Dell and Alienware Corp. 
last week began shipping PCs 
with Intel’s first dual-core 
processor, the Pentium Ex- 
treme Edition 840. The fact 
that both AMD and Intel 
launched their initial dual- 
core products in the same 
week “is pretty amusing,” said 
Kevin Krewell, editor in chief 
of Microprocessor Report in 
San Jose. “They’re fighting 
tooth and nail.” @ 53954 


Krazit writes for the IDG 
News Service. 
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Continued from page 1 
Credit Cards 


transaction levels. Banks that 
issue credit cards will be re- 
sponsible for ensuring that 
companies comply with PCI 
and could face up to $500,000 
in fines per incident if data is 
compromised. 

The PCI standard aligns and 
builds on the separate security 
requirements that both Mas- 
terCard and Visa had prior to 
December 2004, said John 
Verdeschi, MasterCard’s vice 
president of e-business and 
emerging technologies. It’s de- 
signed to offer a common ap- 
proach for protecting credit 
card data across both brands, 
he said. 

Other card companies, in- 
cluding American Express Co. 
and Diners Club International 
Ltd., have also endorsed the 
PCI standard, he added. 


Complex Requirements 
“The good part about the pro- 
gram is that it provides good 
guidelines and standards of 
conduct,” said Todd Mazurek, 
vice president of strategic 
planning at Tickets.com Inc., 
a Costa Mesa, Calif.-based 
provider of ticketing services 
for live events. 

But complying with some of 
the PCI provisions could be 
difficult for midsize and small 
merchants, Mazurek warned. 
One example is the require- 
ment that merchants record 
and keep track of all activity 
involving access to informa- 
tion about cardholders. 

“That’s a lot of information 
that you need to track,” Ma- 
zurek said. “Doing that in a 
manner that doesn’t impact 
your responsiveness is some- 
what tricky.” 

OshKosh B’Gosh Co. is 
working with the vendor of its 
point-of-sale software to bring 
approximately 600 POS sys- 
tems in 170 stores into compli- 
ance with PCI, said Jon Dell’- 
Antonia, CIO at the Oshkosh, 
Wis.-based clothing retailer. 

“It really involves what data
you capture and forward when
you scan a credit card in
stores,” Dell’Antonia said. The
company is also evaluating
what other changes it needs
to make to comply fully with
the standard, he added.

Jelly Belly Candy Co. is do-
ing a similar evaluation of its
Web site operations to see
what compliance-related is-
sues it might need to address,
said Gary Praegitzer, a securi-
ty specialist at the Fairfield,
Calif.-based candy maker.

“It’s a good thing to have a 
list of things to check off to see 
if we are following guidelines,” 
Praegitzer said. He added that 
Jelly Belly is using Qualys 
Inc., its vulnerability assess- 
ment service provider, to scan 
and audit the site. Redwood 
Shores, Calif.-based Qualys 
offers a MasterCard-certified 
testing process that features 
self-service compliance assess- 
ment and reporting. 

The PCI requirements re- 
flect an effort to staunch the 
growing costs associated with 
credit card fraud and security- 
related card replacements, 
said Michael Dahn, a senior 
adviser at Ambiron LLC, a 
Chicago-based provider of se- 
curity services for the pay- 
ment processing industry. 

For example, companies will 
need to encrypt or otherwise 
mask credit card information 
that may be stored on POS 
systems, Dahn said. Currently, 
many retailers store credit 
card information on such sys- 
tems for periods of up to a 
month for backup or settle- 
ment reasons, he noted. 

Under PCI, it would be an 
“egregious violation,” subject 
to steep fines, for companies 
to store unencrypted credit 
card data on POS systems, 
Dahn said. @ 53943 

SOURCE: VISA U.S.A. INC 


Continued from page 1 


NYSE 


Chicago-based Archipelago, 
according to officials at the 
two exchanges. 

Steve Rubinow, Archipel- 
ago’s chief technology officer, 
said that while the two ex- 
changes will likely learn a lot 
from each other’s vastly differ- 
ent technology infrastruc- 
tures, their IT departments 
will remain separate and their 
systems will run in parallel for 
the foreseeable future. 

The two IT teams will have 
a close working relationship, 
Rubinow said, but he added 
that “the nature of that work- 
ing relationship has yet to be 
spelled out.” As for the future 
of the two trading approaches, 
“it’s really up to what cus- 
tomers want to do,” he said. 
“They'll help us determine 
what the future of all these 
systems will look like.” 


Different Strategies 

The separate paths planned by 
the NYSE and Archipelago 
contrast with the technology 
integration strategy that Nas- 
daq outlined for its proposed 
acquisition of Instinet Group 
Inc.’s electronic exchange. 

The addition of Instinet’s 
trade-matching engine should 
make “our technological plat- 
form more competitive,” Nas- 
daq CEO Bob Greifeld said. 
Nasdaq also noted that it ex- 
pects Instinet’s technology to 
help it realize “significant sav- 
ings.” (For more details about 
the Nasdaq/Instinet deal, see 
At Deadline on page 4.) 

The NYSE’s postmerger IT 
strategy hews to a plan that it 
had already put in place for 
supporting a mix of trading 
methods. In an interview last 
December, Roger Burkhardt, 
the NYSE’s CTO, said the ex- 
change planned to adopt a 
hybrid model that would allow 
electronic and traditional 
floor trading to take place 
side by side. 

Echoing Rubinow’s com- 
ments, an NYSE spokes- 
woman said last week that of- 
ficials there and at Archipel- 
ago “are committed to going 
forward with the 
hybrid model, and 
the markets will 
remain distinct.” 
However, she 
added that the 
two exchanges 
“will be exploring 
ways to work to- 
gether.” 

If the ex- 
changes are kept 
separate, “a lot of 
the IT challenges 
would be mini- 
mized,” said Bill 
Cline, a financial 
industry consul- 
tant at Accenture 
Ltd. But both 
Cline and Jodi 
Burns, an analyst 
at Celent Com- 
munications LLC 
in Boston, said it’s likely that 
traders will ultimately deter- 
mine the fate of the NYSE’s 
open-outcry auction system. 
Burns added that she can’t 
see why the combined compa- 
ny would keep the NYSE’s 
two-century-old approach 
alive for long, because elec- 
tronic trades can be processed 
much more quickly than those 
done on a trading floor. 

Currently, the NYSE elec- 
tronically matches only about 
10% of its trades, according to 
Larry Tabb, an analyst at The 
Tabb Group in 
Westboro, Mass. 
The NYSE also 
hasn’t been ag- 
gressive about 
adopting technol- 
ogy to automate 
the trade-match- 
ing process, Tabb 
and other analysts 
said. For example, 
trade orders are 
still manually key- 
punched into the 
exchange’s clear- 
ing and settle- 
ment system. 

Tabb said the 
planned merger 
would provide the 
NYSE with access 
to “very good 
front-end technol- 
ogy” for tasks 
such as managing the flow of 
trade orders and accepting dif- 
ferent types of orders. But, he 
noted, “developing the capa- 
bility for floor brokers and 
specialists to interact with an 
electronic flow will take time 
— time to develop and time to 
adapt.” @ 53932 


will move to a hybrid of 
electronic and traditional trading. 


It's really up 
to what the 
customers want 
to do. They'll help 
us determine 
what the future of 
all these systems 
will look like. 

STEVE RUBINOW, 
CTO, Archipelago 
Holdings Inc. 
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Microsoft Aims to Boost Deployment, Availability 


Longhorn OS will also 
support role-based 
servers, Allchin says 





BY CAROL SLIWA AND 
ROBERT L. MITCHELL 


BOSTON 


Microsoft Corp. plans to hand out a pre- 
view copy of its next major Windows 
release, code-named Longhorn, at the 
Windows Hardware Engineering Con- 
ference this week in Seattle. In addition, 
it’s expected to release 64-bit editions of 
Windows XP and Windows Server 2003. 
Jim Allchin, group vice president of plat- 
forms at Microsoft, spoke with Comput- 
erworld earlier this month about Long- 
horn and the potential benefits of 64-bit 
computing. Excerpts follow: 


What new features in Longhorn are tailored 
for IT shops? In business, we want to be 
able to manage the [system] images 
that people are creating for deploy- 
ment. Today, it’s very complicated for 
them. They have to build im- 
ages for different locales 
around the world because of 
different languages. They have 
to build images that are differ- 
ent depending on the type of 
hardware that they’re deploy- 
ing [Windows] to. All those 
add cost. We’re trying to do a 
re-engineer of that to make 
that much simpler. 

Another example: We’re going to 
drop the number of reboots. We'll do 
ad hoc patching. There’s a whole set of 
things we’re doing to try to keep the 
system to where availability is higher. 


Do you have a goal for continuous uptime? 
We do, but I’m not going to quote it. 


How will role-based computing work in 
the server version of Longhorn? Our focus 
is to take the “experience thinking” 
[about what users do with systems] 
and tie it to roles that the server is in: 
“This is a Web server.” “This is a mes- 
saging system.” “This is an [Active Di- 
rectory] certificate system.” You check 
that role, and everything you need for 
that role is there. You don’t have to 
think. It’s like a Swiss Army Knife, only 
instead of having the rest of the blades 
there, which might get in your way, 
you basically say, “I want this blade,” 
and the rest of the blades fall away. 


So it means stripping away everything 
that’s superfluous and getting back to some 
sort of Windows core plus a set of dedicat- 
ed features? Once you decide that that’s 
what this server is, then that’s what 
runs in that box. We did it a little bit in 
[Windows] 2000, more in [Windows 
Server] 2003, and we're just taking it to 
the next step here. 


Which features coming in Longhorn do you 
think will help most as you compete against 
Linux? We’re working on partitioning. 
That [provides] the ability to add 
processors and add memory while the 
system is running. There’s a whole set 
of availability [features] — the ability 
for fewer reboots. Componentization, I 
think, will be appreciated as well — 
and the role-based approach. 


What new capabilities will users gain with 
64-bit computing? The 64-bit world is 
very significant for a number of rea- 
sons, most of which people don’t un- 
derstand, in my view. 

First, x64 supports 128 gigabytes of 
RAM and 16 terabytes of virtual ad- 
dress [space]. What this means 
is you could actually apply a 
significant amount of memory 
to one of these machines, and 
you could keep everything 
that you’re dealing with in 
memory. You can search and 
tie pieces of information to- 
gether in such a simple way be- 
cause you can just use brute- 
force approaches. 

Another advantage that I see deals 
with security, in that 64-bit has “no ex- 
ecute” on by default. That means you 
have an additional level of security — 
not perfection, but an additional level 
of security for marking data segments 
as not being able to run code. So it 
means certain attacks to the [operating 
system] stack aren’t possible. We tried 
to do this a little bit with [Windows 
XP] SP2 for the 32-bit world, but it 
doesn’t work anywhere near as easily 
as in the 64-bit world. 


Will 32-bit applications experience a boost 
in performance running on 64-bit Win- 
dows? We’ve done a bunch of tests. 
What you will see typically is a little 
bit of performance gain. 


Perhaps 5% to 10%? Yeah. It’s small. It 
dramatically depends on how much 
[the applications] call the OS. The 
more they call the OS, the more gain 
they'll get. 


Will there be separate 32- and 64-bit 
versions of Longhorn? We'll have both. 
@ 53821 


Go to our Web site for an expanded version 
of this interview with Jim Allchin: 

Microsoft provides an early look at Longhorn’s 
new file navigation and search capabilities: 

QuickLink 53842 
www.computerworld.com 
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OPINION — 


DON TENNANT 


Trivial Pursuit 


HERE’S A PIECE OF IT TRIVIA for you. 
One day back in the mid-’90s, I asked 
Bill Gates this question: “If you could 
have one other software vendor’s tech- 
nology dropped in your lap free of 
charge tomorrow, with no worries about Justice 
Department investiga- 
tions, what would you 
pick?” What do you sup- 
pose he said? 

Well, Gates being 
Gates, he dismissed any 
technology-related attrac- 
tion to anyone else’s soft- 
ware. He picked IBM’s 
MVS for the bucks. “They 
have an installed base of 
25,000 that’s growing zero 
units a year, and they 
make $6 billion a year,” 

Gates said. “So the most profitable 
software franchise ever is what IBM 
has done there.” Hey, he’s nothing if 
not a businessman. 

My comeback was that I would 
have guessed he’d choose some sort 
of Internet-related software. Re- 
member, this was back when Micro- 
soft was seen as being very late to 
the Internet game, and that pesky 
Netscape upstart was giving it fits. 

“I wouldn’t say that,” Gates re- 
sponded with characteristic, if 
feigned, nonchalance. “Because an 
Internet browser is a trivial piece of 
software.” 

I didn’t realize it at the time, but 
that “trivial piece of software” line 
would become the most frequently 
quoted comment from any interview 
I’ve ever done. I’ve seen it cited, 
even years later, in books, newspa- 
pers, research papers and essays. 

I did know then that it was a con- 
troversial statement. So being the 
troublemaker I am, when I hooked 
up with Netscape co-founder and 
then-chairman Jim Clark a couple of 
months after that chat with Gates, 
the first thing I did was tell him what 
Gates had said about browsers. 

Clark’s response was 
priceless. “MS-DOS is a 
trivial piece of software,” 
he fumed. “Why was he 
successful? Because he 
wrote some beautiful 
piece of software? That’s 
totally ridiculous. He 
didn’t even write the damn 
thing. He licensed it. At 
least we’ve got the guys 
who originally wrote 
ours.” Calm down, Jim. 

Fast-forward 10 years 
to the present, when we can all agree 
that browsers are anything but triv- 
ial. Looking back, it’s clear that 
Gates’ statement was even goofier 
than it was controversial. If the 
browser was so trivial, why would 
Gates subsequently claim through 
years of antitrust litigation that it 
was technically too complicated to 
unbundle it from the operating sys- 
tem? And if it was so easy to make 
one that works well, why have Mi- 
crosoft and the millions of us who 
use Internet Explorer suffered so 
much pain from the security flaws 
that have riddled IE? 

No, it’s hardly easy. That’s why, 
ironically enough, Microsoft has 
such a chokehold with IE. Netscape 
found it too difficult to make its 
browser sufficiently compelling to 
prevent its marginalization to near 
oblivion. According to the Web mon- 
itoring outfit Net Applications, as of 
February Netscape held a pathetic 
1.89% share of the browser market. 

And now there’s Firefox, the open- 
source offering from the Mozilla 
Foundation that in a few short 
months has grabbed an impressive 
6.17% share of the market, according 
to Net Applications. The surge has 
pushed IE’s share down under 90%. 
Just one glitch. Well, make that a lot 
of glitches: On April 15 Mozilla an- 
nounced a third round of fixes for 
Firefox security flaws, this time 
patching eight critical holes [Quick- 
Link 53859]. Not a trivial number. At 
this rate, Gates’ nonchalance won't 
need to be feigned. @ 53913 
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VIRGINIA ROBBINS 


The IT 
Funding 
Dilemma 


“NOT ENOUGH re- 
sources,” moaned 
one of my direct 
reports. I was a bit surprised by his 
answer when I asked what his most 
pressing issue was. 

I had expected him to name one of 
the many large projects that he was 
managing. But no, none was at risk; the 
thing for him was that the list of poten- 
tial projects seemed infinite. I under- 
stood. Our triple-digit growth meant 
that our bright, aggressive marketers, 
cost-driven operations managers and 
ever-diligent compliance officers were 
all thinking up new ideas daily. 

The primary cause of the never- 
ending lists problem used to be a poor 
IT governance process. But we 
launched a new pro- 
gram a year ago, and 
since then, my em- 
ployee’s team has 
contributed many 
improvements. To- 
day, the business 
owners speak highly 
of the transparency 
of the process and 
believe that projects 
are getting selected 
and worked on in the 
right order. Still, they 
all would like to have 
more projects done. 

So would I. But to do so would re- 
quire more funding. 

What if we did have more people 
who were completely trained and as 
good as or better than the current 
staff? Would that be enough? Probably 
not. IT funding is like your salary. No 
matter what level it’s at, it’s always go- 
ing to take another 20% to make you 
completely satisfied, and I know of no 
truly satisfied successful CIO. 

I’ve experienced what can happen 
when an IT department’s funding 
keeps expanding. A company I worked 
at, believing that its products were tru- 
ly different, required that its software 
be customized. The costs to support 
the heavily customized code grew each 
year until IT became one of the largest 
departments. Eventually, the company 
was unable to keep pace with its com- 
pliance requirements. Once profits be- 
gan to decline and operations were 
questioned by regulatory agencies, the 
board brought in a new CEO, who fixed 
the problems by outsourcing 85% of IT. 

COMPUTERWORLD April 25, 2005 21 

The challenge is finding the sweet 
spot where IT is spending enough to 
fund the most meaningful projects but 
not so much as to create problems for 
the company. I depend upon average 
industry ratios of IT expenses to total 
company expenses. If we’re roughly in 
line with others within our industry, 
then all things being equal, our profits 
should be roughly the same as those of 
our competitors. Usually measured as a 
percentage of total expenses, the range of 
these ratios is typically from 3% to 20%. 
These are guidelines, however. How 
dollars are to be allocated to IT is best 
determined by considering business 
alignment and IT governance. I’ve 
worked in two industries with very high 
ratios. The percentages I have had to 
work with have ranged from 12% to 35%. 
The final amount for my IT department 
has been a compromise that considers 
the company’s financial goals, market- 
ing and sales goals, regulatory needs 
and short-term limitations within IT. 
Once again, it comes back to good 
governance. As for my employee, I 
need to remember to tell him that 
while it may seem frustrating at times, 
the work that he’s doing within our 
agreed IT governance is enabling him 
to be a strategic gatekeeper for the 
company. He’s done a terrific job in 
improving his team’s efficiency in that 
our expenses dropped 1% last year. 
The list of projects may seem long, but 
right now he’s doing an incredibly im- 
portant job in ensuring that the compa- 
ny’s capital is spent on the right IT 
projects at the right time. @ 53841 


DAVID MOSCHELLA 


HP Has to 
Relearn How 
To Be HP 


IN THE EARLY 1980s, when 
the PC emerged and com- 
puter hardware began its 
long transition toward commodity sta- 
tus, there were three great U.S. com- 
puter technology companies: IBM, 
Digital and Hewlett-Packard. While we 
all know now that the power of micro- 
processor-based systems changed 
computing forever, to appreciate the 
challenges that HP currently faces, it’s 
worth revisiting how each of those 
companies responded to 
the changes that roiled the 
industry. 

Over the past 20 years, 
IBM has essentially moved 
up the technology stack, 
exiting numerous hardware 
businesses, including print- 
ers, commodity semicon- 
ductors and, most recently, 
laptop PCs. It has used its 
immense mainframe base to 
develop a powerful services 
and software position. It’s 
no longer the technology 
force it once was, but it has 
a clear strategic focus, supporting 
large and midsize companies. 

In contrast, Digital had neither the 
services position of IBM nor the ability 
to compete in the cost-driven PC busi- 
ness, and thus it never really had any- 
where safe to go. When it both under- 
estimated and misplayed the growing 
Unix server business, its fate was 
sealed. Who would have thought that 
it would soon be acquired by a PC 
company (Compaq) and then vanish 
into HP, a rival it dwarfed in the once- 
proud minicomputer industry? 

In comparison, HP has been a bas- 
tion of stability. There have been no 
great strategic shifts, because HP never 
really was an integrated 
computer systems company 
as IBM and Digital were. It 
was always more of a col- 
lection of Silicon Valley- 
style enterprises — calcula- 
tors, printers, minicomput- 
ers, test and measurement 
equipment, etc. In this 
sense, it was in a much bet- 
ter position to exploit the 
opportunities of the PC era. 
HP had a corporate culture 
that could get excited about 
peripheral markets, such as 
laser printers, in a way that 
IBM or Digital never could. 


Thus, while IBM has succeeded in 
services, and Digital could have suc- 
ceeded in the midrange (as Sun Micro- 
systems eventually did), HP has always 
been primarily a device company. It 
once seriously considered buying the 
consulting business of Pricewater- 
houseCoopers (subsequently bought 
by IBM), which would have required a 
radical and almost unimaginable shift 
in culture. However, acquiring Com- 
paq, while certainly risky and perhaps 
unwise, was well within the company’s 
traditional strategic orbit. 

The Compaq acquisition was a defin- 
ing moment because it meant that 
there could be no turning back and that 
HP would have to be successful in PCs 
and low-end servers or face a calami- 
tous future. While HP can still consider 
moves such as buying Sun or Novell to 
expand its enterprise position, it can’t 
just move up the stack the way IBM 
did, and it can’t afford to misplay its 
core business the way Digital did. 

So if I were HP’s new CEO, Mark 
Hurd, I would be asking questions 
such as these: Is Dell, with its clunky, 
unimaginative boxes and declining ser- 
vice levels, really so good that we can’t 
compete? Why is so much design and 
product innovation happening down 
the road at Apple Computer and so lit- 
tle at HP? How come, after all these 
years, not a single major PC vendor 
has really tried to advance the Linux 
PC concept? Why aren’t we much 
stronger in the image editing and man- 
agement business? 

Only by reinvigorating its core prod- 
uct technology focus can the company 
rediscover its dynamism and avoid the 
painful breakup it’s currently headed 
toward. @ 53829 
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More columnists and links to archives of previous 
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Gun Comments Sidetrack Readers 


I’VE HAD SIMILAR problems 
with Lone Ranger types as C.J. 
Kelly described in her Security Man- 
ager's Journal [“Hi-Yo, Silver! Away 
With Lone Rangers,” QuickLink 
52693]. The best thing to do with 
employees who pull those kinds of 
tricks is to pink-slip them. With 
any luck, your competitors will 
hire them. 

I was saddened to see that Kelly 
used the article to express antigun 
sentiments. As a permit-carrying, 
law-abiding techie, I encourage her 
to cut legitimate gun owners some 
slack. That employee would still be a 
jerk, armed or otherwise. 

John Burgoon 
Informaticist, 
Bloomington, Ind. 


KELLY’S IMPLICATION that 
some law-abiding owners of 
firearms were violence-prone was 
so off-base I am aghast. In the rural 
areas that I was brought up in, hunt- 
ing and plinking are integral parts of 
life. Every other pickup truck has a 
rifle or shotgun, as sure as they 
have a toolbox. Most of my relatives 
and a good portion of my friends 
own and occasionally carry guns, 
and none has ever shot another hu- 
man being except in the service of 
their country. Yes, there are plenty 
of bad characters out there whose 
only use of a firearm is for violence 
against other people. Legitimate 
owners of guns despise them. 

The number of crimes committed 
by those licensed to carry con- 
cealed weapons is a fraction of the 
total. If you are looking for a law- 
abiding citizen, look at the person 
with the concealed permit who has 
had extensive training and back- 
ground checks to obtain that status. 
But please, don’t spread misinfor- 
mation that is insulting to so many 
honest folks. 

Daniel Bell 
Manager of product develop- 
ment, Elizabethtown, Ky., 
huntingky@yahoo.com 


C.J. KELLY RESPONDS: Guns 
weren't the issue. Lots of people in 
my family have them. The issue, 
which I unfortunately didn’t make 
clear enough, was that the gun 
owners in this situation seemed to 
boast about possessing guns in 
relation to my requiring them to 
do their work differently. I felt 
threatened. 


Funding E-health 


FRANK HAYES’ COLUMN 
“E-health, Stat!” [QuickLink 
52932] correctly points out that 
many medical providers still use 
paper charts. He suggests that the 
solution is to have Medicare force 
them to convert to an all-electronic 
format (the electronic health 
record, or EHR), implying that most 
providers don’t want to convert to 
or use a standard format. Setting 
aside the problem of the nonexis- 
tence of a standard EHR, the diffi- 
culty is that the goals of the players 
aren't aligned. No one disagrees on 
the benefits of an EHR, just on who 
should pay for the process of con- 
version. Medicare, Medicaid and 
insurance companies lack the long- 
term perspective necessary to fund 
the conversion. Employers and em- 
ployer groups have a more appro- 
priate perspective, but they don’t 
pay more to hospitals with EHRs. 
Most hospital systems don’t have 
the funds to support a massive con- 
version, although some areas are 
being converted on an opportunis- 
tic basis. It's easy for Hayes to sug- 
gest a mandate, but I'd like to know 
who will fund it. 

David B. FitzGerald, M.D., MBA 
Gainesville, Fla. 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to 
Jamie Eckle, letters editor, Com- 
puterworld, PO Box 9171, 1 Speen 
Street, Framingham, Mass. 01701. 
Fax: (508) 879-4843. E-mail: 
letters@computerworld.com. 
Include an address and phone 
number for immediate verification. 

For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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A workstation with muscle. 


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Where IP and telecom unite. 

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Virtual machines are being 
used by an increasing 
number of companies 
because they give users 
new capabilities to manage 
computing resources. 


Page 28 


Ghosts in the Machine 


FUTURE WATCH 

Staying Out in Front 

At HP Labs, the work of 
researchers such as Beth Keer 
(left) runs the gamut from data 
center management tools to 
an architecture for the world’s 
tiniest computer. Page 32 


SECURITY MANAGER’S JOURNAL 

Firewall Request 
Gets Third Degree 

Mathias Thurman must conduct 
due diligence before opening 
a firewall to let a partner 
company transfer data. 
Page 34 


Faced with potential catastrophe caused by anything from 
the weather to a malicious attack, companies need to make 
sure their disaster recovery plans match best practices. 


IT WAS THE MONDAY MORNING after the 
July 4th weekend. The power went out in 
the highest building in Philadelphia. Not to 
worry, the disaster recovery (DR) special- 
ists had that one covered — the building 
had a connection to a separate part of the 
grid. But then the repair crew accidentally 
severed the backup connection. 

“Every disaster has a different face, so no 
one can accurately predict,” says Nick Vout- 
sakis, chief technology officer at Glenmede 
Trust Co., a wealth management firm whose 
headquarters occupies four floors of that 
building in Philly. “Your planning has to be 
flexible enough to cope.” 

Incidents like this one give businesses a 
chance to see their DR technology in action. 
While some companies pass with flying colors, the 
plans of others are exposed as incomplete, unrealis- 
tic and technologically flawed. So, what are the tried- 
and-true best practices, what technologies should be 
deployed, and how should IT cooperate with the or- 
ganization as a whole in order to take all necessary 
precautions? 

“Those companies with untested or poorly tested 
plans will eventually discover that they aren’t as pro- 
tected as they thought they were,” says Mike Karp, an 
analyst at Enterprise Management Associates Inc. in 
Boulder, Colo. 


Planning for the Unplanned 


Some DR plans are too simplistic, don’t 
mesh with the real world and have little 
value in an emergency. Others are complex 
tomes that nobody reads. According to 
Voutsakis, the trick is finding a balance. 

But even companies with well-compiled 
plans can look foolish if nobody can find 
the plan when they need it. It’s no good if 
it’s lost in a binder or in a PC that’s down 
because of the disaster. So keep copies of 
the plan in multiple locations. 

“We include copies of our plan in the emergency 
packs we provide to employees containing food, med- 
ical supplies, flashlights and so on,” says Voutsakis. 

Glenmede is primarily a Windows 2000/XP shop 
that uses Cisco Systems Inc. switches and Dell Inc. 
servers and desktops. Its DR plan has several layers, 
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ing an off-site machine with other compa- 
nies. The Members Group does this with an 
IBM iSeries server; each company pays its own 
network services provider to host it. 


Use partners and leverage their expertise 
to make your disaster recovery plans 
work. Hold them accountable for their tech- 
nology functioning as promised. 

Consider setting up an arrangement 
where your company and one or two oth- 
ers operate as replication facilities for one 
another, says Mike Karp, an analyst at Enter- 
prise Management Associates. 


Don't depend on one operating system. 
“Use a variety of OSs,” says Michael Smith, 
general manager of operations at Forbes.com. 
“We use Linux, Sun, Microsoft and others.” 


Allow enough time to unearth project com- 
plexities. That can even mean drilling down into 
each application to uncover interdependencies 
and idiosyncrasies. “Proprietary applications 
are sometimes coded to a specific IP address 
or machine name, so that when you move them 
to a replicated facility, they don't work,” says 
Jeff Russell, CIO at The Members Group. 


“As well as planning the technical details, 
you have to plan the financial aspect in the 
same depth, since DR will be expensive,” 
says Michael Gruth of Deutsche Borse. 




“You have to tie excellent change man- 
agement into the recovery plan,” says 
Michael Croy, director of business continuity at 
Forsythe Technology Inc. in Skokie, Ill. Things 
change at a whirlwind rate in any enterprise. 
Employees come and go, servers and applica- 
tions change with the seasons, and people 
have a tendency to not stay where you want 
them to. “The infrastructure in today's business 
is in a constant state of flux,” says Croy. 




Not all applications are created equal. Deter- 
mine which applications and which data 
are most critical and then replicate them 
constantly. Some applications can be down 
four hours, and others perhaps longer. “We 
replicate some applications minute to minute 
and others nightly,” said Nick Voutsakis, 
CTO at Glenmede Trust. 


“Perform a business process analysis 
to truly understand how the business 
operates, fully understand the dependen- 
cies among systems and set priorities ac- 
cordingly,” says Chip Nickolett of Compre- 
hensive Consulting Solutions. 
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depending on the situation. If people can’t get to work 
because of excessive snow, the servers keep running 
at headquarters and the staff works securely from 
home. If the building’s power goes out, the critical sys- 
tems can be brought up within four hours at a “hot 
site” across town owned by business continuity ser- 
vices and outsourcing provider SunGard Availability 
Services Inc., a unit of SunGard Data Systems Inc. If 
an event keeps employees out of the building for a 
week, desktops for key personnel are standing by 
at SunGard. 

During the Independence Day weekend outage, 
Glenmede’s management declared an emergency at 
7:30 a.m. Since all data is replicated to the hot site, 
the company had all systems running by 11:30 a.m. 
But it takes a well-oiled machine to pull that off 
smoothly. And that means teamwork. 

“Form a business continuity program with a dedi- 
cated team of two to five people, with a senior man- 
agement sponsor,” advises Roberta Witty, an analyst 
at Gartner Inc. in Stamford, Conn. 

Glenmede’s primary DR committee consists of the 
CTO, the heads of office services and risk manage- 
ment, and an IT audit member. The committee ap- 
pointed an extended business continuity group con- 
sisting of representatives of 20 business units. These 
people are trained in business continuity, write the 
plans and collaborate with their business units. The 
minutes of both committees’ sessions are sent to 
Glenmede’s board of directors. 

Each business unit has to evaluate its processes 
and needs. At The Members Group Inc., a West Des 
Moines, Iowa-based company that provides card- 
processing and mortgage services to credit unions, 
the necessary recovery period varied widely by de- 
partment and time of the month. Payroll, for in- 
stance, might be happy with a 13-day recovery win- 
dow at the start of the payroll period and a 30-minute 
recovery on payday. 

“You have to work with the business units to fully 
understand the drivers of each application,” says Jeff 
Russell, CIO at The Members Group. It’s impossible 
for a lone IT staffer to appreciate the particular 
needs of each department. The Members Group 
uses StoneFly Replicator, an IP storage-area network- 
based asynchronous disaster recovery product from 
San Diego-based StoneFly Networks Inc. to maintain 
a mirror image of critical data at a remote location. 


State-of-the-Art Technology 


While opinions vary as to what constitutes state-of- 
the-art technology, experts such as Karp of Enterprise 
Management Associates and Chip Nickolett, a disas- 
ter recovery specialist at Comprehensive Consulting 
Solutions Inc. in Brookfield, Wis., agree that cluster- 
ing, SAN mirroring and replication are on the leading 
edge. However, they warn that these can be expensive 
technologies. 

Among operating systems, OpenVMS and Unix 
seem to be favored more than others. Alpha/Open- 
VMS, for example, has built-in clustering technology 
that many companies use to mirror data between sites. 
Many financial institutions, including Commerzbank, 
the International Securities Exchange and Deutsche 
Borse AG, rely on VMS-based mirroring to protect 
their heavy-duty transaction-processing systems. 

What's the difference between disaster recovery and 
business continuity? According to John Glenn, a BC con- 
sultant in Clearwater, Fla., DR deals solely with IT and what 
it perceives as the business units’ requirements. BC, on the 
other hand, focuses on the business units. IT is just one of 
the functions that serve those units, and it’s one facet of 
business continuity, along with human resources, accounting 
and emergency preparedness. 

“Most IT folks think BC is just a new name for DR,” says 
Glenn. “Instead of running the program from IT, it is far more 
effective to put BC - of which DR is a subset - under the 
CFO, CEO or COO.” 

In the event of a disaster, BC ensures that the company 
can continue to provide critical services while the enterprise 
is being restored to full functionality. BC focuses on avoiding 
or mitigating risks. DR restores the organization afterward. 

“DR must be based on a solid BC plan that has taken into 
account the reality of the business requirements for recovery,” 
says Michael Croy, director of business continuity at IT infra- 
structure consultancy Forsythe Technology Inc. 

And IT organizations are beginning to get the point. 

“We have gotten away from the term DR, since it assumes 
the facility is not available,” said Jeff Russell, CIO at The Mem- 
bers Group. “BC, on the other hand, deals with how we contin- 
ue despite business interruption.” 

- Drew Robb 


Deutsche Borse, a German exchange for stocks and 
derivatives, has deployed an OpenVMS cluster over 
two sites situated 5 kilometers apart. It also uses Fi- 
bre Channel switches from San Jose-based Brocade 
Communications Systems Inc. and Cisco switches 
and routers in its network to ensure high availability. 

“DR is not about cold or warm backups, it’s about 
having your data active and online no matter what,” 
says Michael Gruth, head of systems and network 
support at Deutsche Borse. “That requires cluster 
technology which is online at both sites.” 

For its part, Windows has as many detractors as 
advocates. “While we’ve never failed to recover a 
Unix system, it’s a different story with Windows,” 
says Nickolett. “Common problems include failed 
restores, software conflicts and issues with patches 
or service packs.” 

Forbes.com Inc. in New York also favors platforms 
besides Windows. Each business day, it publishes 
more than 1,500 articles online, making heavy use of 
an advertising workflow system running on an Intel/ 
Linux platform and a content management system 
hosted on high-end Fujitsu Ltd. servers that run Sun 
Solaris. Both are protected using the Continuous 
Protection System, an appliance from Revivio Inc. in 
Lexington, Mass. A Gigabit Ethernet line connects to 
a data center at an unspecified location using host- 
based mirroring technology. “We're able to switch to 
the appliance in the event that the primary system 
has a problem,” says Michael Smith, general manager 
of operations at Forbes.com. 

But not everyone agrees that Windows should be 
avoided. In fact, the Cancer Therapy & Research 
Center (CTRC) in San Antonio stakes its patients’ 
lives on a combination of Microsoft Corp., EMC Corp. 
and Cisco tools for host-based mirroring. At the 
medical center, 21 servers — primarily Windows 
2000/2003, plus a few Linux boxes — store data on 
an EMC Clariion FC4700 array. Two Cisco SN 5428 
iSCSI routers and a Cisco MDS 9506 switch mirror 
data and large imaging files over a Gigabit Ethernet 
network to another Clariion array at the research 
center 22 miles away. According to Mike Luter, CTO 
at CTRC, it takes 10 minutes to recover a downed 
server and restore service. 

“Business continuity is far more important to us 
than disaster recovery,” says Luter. “We want our appli- 
cations always available to our patients. If we lost the 
building, it would take a lot more than a few comput- 
er systems to be able to treat our patients elsewhere.” 


Testing Times 


The finest technology and the most skillful planning 
are about as far as many companies go in DR, and 
that’s nowhere near far enough. It takes testing ga- 
lore to prepare for the real thing. “Failing to follow 
through with exercises to locate and correct plan 
deficiencies is a common error,” says John Glenn, a 
business continuity consultant in Clearwater, Fla. 

That doesn’t mean an IT administrator “dummy- 
running” the plan over the weekend on his own, Glenn 
says. You should bring all systems down on a Sunday 
to see if the remote site operates as planned. And 
bring in a few dozen employees and run a live test to 
see how the business units are affected. Can finance 
continue accounting, sales keep selling and production 
continue to turn out products? In addition, surprise 
everyone with a few random exercises during 
the workweek, suggests Smith of Forbes.com. 


“We test our entire plan seven times a year,” says 
Glenmede’s Voutsakis. “We evaluate our perfor- 
mance for different levels of disaster and various 
kinds of events, including sending staff home to see 
how well they can perform there.” He says that the 
problems that can cripple you during an actual disaster 
show up only during real-world exercises. 

That was the case at The Members Group. It 
thought it had plenty of bandwidth to replicate off-site. 
But its T1 lines proved inadequate. For example, 
its SQL database couldn’t be adequately replicated 
because of bandwidth constraints, so it hasn’t been 
transferred to the IP SAN. Similarly, more than half 
of the company’s servers remain unmirrored. “We're 
moving our primary facility in May and will add 
more bandwidth at that time,” says Russell. @ 53856 

[Chart fragment: “25% backup of vital products; backup 
supplier.” Source: Gartner Inc., Stamford, Conn.] 







28 COMPUTERWORLD April 25, 2005 TECHNOLOGY www.computerworld.com 


BY ROBERT L. MITCHELL 


WHAT STARTED SIMPLY as a way 
to consolidate older, out-of- 
warranty servers has quickly 
turned into a new infrastruc- 
ture building block in Qual- 
comm Inc.’s data center. Virtual machines (VM) 
have risen to become a corporate standard for de- 
ploying and managing x86-based servers at the 
semiconductor maker. “We saved in the seven- 
figure range by not buying servers. Going for- 
ward, we’re continuing to consolidate, and we’re 
pushing everything we can into the virtual 
space,” says Norm Fjeldheim, senior vice presi- 
dent and CIO at the San Diego-based company. 

Server virtualization software allows applica- 
tions to sit side by side on the same physical serv- 
er, yet remain completely isolated, both from one 
another and from the underlying hardware. Ap- 
plications within a VM see a dedicated operating 
system and server. Under the hood, however, a 
VM monitor allocates a share of the physical 
server’s processor, memory and I/O resources 
to each VM. 

Virtualization breaks the link between the 
hardware and the common requirement that ap- 
plications run on dedicated servers. Adding a vir- 
tualization layer adds processing overhead that 
can range from an increase of a few percentage 
points into the double digits. However, most 
servers are significantly underutilized, so consol- 
idation benefits are often dramatic. 

At Qualcomm, which uses VMware Inc.’s ESX 
Server virtualization software, the ratio of VMs to 
physical servers has been as high as 18-to-1. Some 
384 servers now run in VMs that reside on just 35 
dual- and quad-processor machines. In all, 40% of 
the x86-based server applications at Qualcomm 
run on VMs, and that will increase to 50% in the 
next six months, says Paul Poppleton, senior staff 
engineer at the company. 

As application servers continue to scale out, the 
proliferation of x86-based servers has outstripped 
the ability of administrators to manage them, says 
Nigel Dessau, vice president of virtualization solutions 
at IBM. Businesses today have seven times 
more servers than they did just 10 years ago, but the 
cost of managing them is nine times higher, he says. 
“Virtualization can start tackling that problem,” 
Dessau adds. 

Once dismissed as a neat hack that in-house devel- 
opers used to quickly test software within multiple 
virtual environments, virtualization technology has 
taken hold for tasks ranging from consolidation to 
business continuity and even virtualized symmetrical 
multiprocessing (SMP) systems. 

Early concerns about application support are fad- 
ing. A few years ago, software vendors balked at sup- 
porting applications running within VMs. Bowing to 
user demand, today larger software vendors such as 
Oracle Corp. and Computer Associates International 
Inc. support products running within VMs, and vendors 
of smaller, niche-market programs are increasingly 
following. “We’re pushing for all of our suppliers 
to support VMware,” Fjeldheim says. 


UNDER THE HOOD: 

The Soul of a Virtual Machine 

ALTHOUGH VIRTUALIZATION TOOLS have similar 
objectives and use a virtualization software layer, called 
a resource manager or hypervisor, to manage virtual 
machines, the basic architectures vary. 

In software-based VMs, the resource manager sits on 
top of a host operating system and juggles the requests 
of multiple guest operating systems loaded on top of 
it (see diagram). Microsoft Virtual Server 2005 and 
VMware GSX Server follow this model. 

Other products, such as Xen and VMware's ESX Server, 
run in a hypervisor that sits beneath the guest operating 
systems and the hardware. Because the software 
layer sits on the “bare metal,” these are sometimes 
referred to as hardware VMs. Direct contact with the 
system hardware allows the VMs to work more efficiently. 

Other products, such as Solaris Containers in Sun 
Microsystems Inc.'s Solaris 10 and SWsoft Inc.'s 
Virtuozzo, also use a software-based model but eliminate 
guest operating systems in favor of “virtualized operating 
systems,” or application containers. Each application 
appears to have the operating system to itself, but in fact, 
core elements, such as the kernel and system libraries, 
are shared. This approach is more efficient than running 
a full-blown guest operating system in each VM and saves 
on software costs because one operating system license 
can be used for all VMs on a physical server. But there’s 
a catch: Virtual operating systems can support only 
applications that will run on the host operating system. 

IDC analyst Dan Kusnetzky says each approach fits 
a different need. “Those who need power will want 
approaches that are very lightweight. Others are more 
concerned about optimizing resources,” he says. “A single 
approach will not fit the need everywhere.” 

- Robert L. Mitchell 


VIRTUAL MACHINE APPROACHES 

Software VM 
Virtualization software manages interactions between the 
host operating system and guest OSs in each VM. 
EXAMPLES: VMware GSX Server, Microsoft Virtual Server 2005 

Hardware VM 
The virtualization software sits directly on top of the 
hardware. May be integrated with the guest OS or be entirely 
separate. Less overhead makes it more efficient than a 
software VM. EXAMPLES: VMware ESX Server, Xen 

The host operating system is shared between application 
containers, but each application sees its own virtual OS. 
All VMs must run on the same host OS. 
EXAMPLES: Solaris Containers, SWsoft Virtuozzo 

Three quarters of ESX Server deployments are in 
data centers, according to VMware, an EMC Corp. 
business unit. Framingham, Mass.-based market re- 
search company IDC expects strong growth in VM 
software between 2004 and 2008, with sales growing 
75%, to $261 million, over the four-year period. Those 
numbers don’t account for the expected growth in 
the adoption of Xen, a free, open-source virtualiza- 
tion program for Linux and BSD Unix servers that’s 
supported by Palo Alto, Calif.-based start-up Xen- 
Source Inc. 


Disaster Avoidance 

Now that virtualization technology has proved itself 
as a consolidation tool for the data center, organiza- 
tions are pursuing new uses, such as VM portability. 
An entire VM can be encapsulated in a single disk- 
image file and quickly deployed on any hardware 
running the same virtualization software. 

“All that’s necessary is to copy the file to a disk or 
tape or send it down the network,” says IDC analyst 
Dan Kusnetzky. “We've seen people use it as a soft- 
ware distribution mechanism.” That portability as- 
pect makes VM technology attractive for business 
continuity as well. 

For example, travel consolidator Fun Sun Vaca- 
tions Ltd. in Edmonton, Alberta, first used Xen VMs 
to consolidate its Linux-based Web application 
servers. Now it uses VMs as a disaster recovery 
mechanism. Because the virtualization software is ab- 
stracted from the hardware, manager of information 
services Derek Larke says he can quickly move a crit- 
ical VM that handles credit card transactions onto 
any available server in the collocation data center. 

“Usually, at the time of disaster, you are working 
with blank hardware with nothing on it. We imaged 
a Xen [VM] and brought it to a blank server, and 
we had it up and going in about 15 minutes,” he says. 
Before, Larke notes, “applications that originally 
would have taken too long to implement in the event 
of a disaster would have to be preconfigured and 
running at the collocation site on their own hard- 
ware.” Now, a single machine can serve as a fail-over 
machine for multiple VMs and can be made available 
for other tasks until needed. 

Qualcomm uses VMotion, a management utility 
from VMware that can slide running VMs onto a 
new physical server with minimal disruption. “We’ve 
been able to move processors onto a different physi- 
cal environment in scenarios where we would have 
lost the processes before. Our service levels are up,” 
says senior staff engineer Paul Poppleton. 

Robert Armstrong, director of technical services at 
hospitality services vendor Delaware North Cos. in 
Buffalo, N.Y., says the ability to move VMs between 
physical systems is also critical for server mainte- 
nance in a virtualized environment. Armstrong used 
VMware to host both Windows and NetWare VMs, 
reducing the data center footprint from 12 racks to 
three. “The maintenance windows shrink dramatical- 
ly when you have eight or nine virtual machines on 
one physical device,” he says. 

Larke says VMware’s management tools are the 
most advanced. “Hands down, VMware is the best 
out there, the way it manages, the way you can throw 
around virtual machines,” he says. But Larke says 
ESX Server, with management software and support 
for 14 dual-processor servers, would have cost 
$173,000 using products from IBM. Xen requires 
more knowledge to run properly, but it’s free. Given 
the cost difference, the tools with Xen were “enough 
for what we need to do,” Larke says. 


Scaling Up 

While the most common use of virtualization tech- 
nology is to break down the resources of physical 
servers into a series of VMs, it’s also possible to 
go the other way, aggregating server CPUs and 
even sub-CPU VMs into a single, virtualized SMP 
system. 

Carmine Iannace, manager of IT architecture at 
Welch Foods Inc. in Concord, Mass., says the one 
thing he hasn’t virtualized is his collection of Oracle 
database servers, which need at least four proces- 
sors. VMware currently limits VMs to two proces- 
sors each, so he is waiting for quad-processor sup- 
port, which the vendor plans to ship later this year. 

VFe, a product announced by start-up Virtual Iron 
Software Inc. in Acton, Mass., will support up to 16 
processors per VM. The system will initially support 
only Linux VMs; its 16-processor limit reflects the 
maximum SMP configuration currently supported by 
Linux. VFe uses high-speed, low-latency InfiniBand 
host bus adapters and switches to interconnect the 
physical processors. But Iannace worries that taking 
this approach would add too much expense for his 
application. InfiniBand “has to become a commodity 
item to be useful,” he says. 

Another product, Virtuozzo, from SWsoft Inc. in 
Herndon, Va., supports virtual SMPs as large as the 
physical host system. It can support Linux or Windows 
Server 2003 VMs — but not both — on the 
same physical hardware. Jack Henry & Associates 
Inc., a Lenexa, Kan.-based developer of 
software for banks, is testing Virtuozzo 
to meet both scale-up and scale-out 
requirements. The company’s system 
architecture includes several components 
and requires multiple servers. 
Since everything runs on Windows 
Server 2003, Jack Henry & Associates 


date the system onto fewer servers, including virtual 
SMPs that range from two to eight processors. 

“In banks, real estate is at a premium, so the footprint 
of the hardware is a huge consideration,” says 
Barry LaLone, server platform architect. Because 
Virtuozzo’s technology doesn’t replicate the entire 
operating system within each VM, the complete system 
— 12 VMs in all — can run using just two Windows 
Server 2003 licenses. With VMware’s scheme, 
LaLone says, he would have had to pay for all 12. 


Virtual Data Center 


Ultimately, virtualization will become just a standard 
layer of the infrastructure stack, predicts Karthik 
Rau, director of product management at VMware. 

IBM has its own virtualization technology for its 
midrange and mainframe systems, and Dessau says 
the company is building tools for a 
world where IT must manage a mix of 
VMs running on mainframe, midrange 
and x86 processors, and where “islands 
of virtualization are interconnected 
across the enterprise.” Tools such as 
Tivoli will manage these resources and 
dynamically configure and provision 
virtualized resources as needed, 
Dessau says. 

But for most users, the immediate benefits are 
what matters. “Virtualization lends itself to virtual 
firewalls, application isolation, all kinds of neat 
things,” says Welch’s Iannace. “It’s a very cost-effective, 
efficient and reproducible approach.” @ 53725 


That’s the approach taken 
at HP Labs, whether they’re 
looking one year down the 
road or a decade ahead. 
By Gary H. Anthes 

YOU CAN HARDLY pick up a business or IT publication 
these days without finding someone exhorting 
Hewlett-Packard Co. to “reinvent” itself. 

Regardless of how, or if, new CEO 
Mark Hurd does that, IT seems likely 
to go on quietly reinventing itself in- 
side HP Laboratories. The labs may get 
only 5% of HP’s total research and de- 
velopment budget, but they’re working 
on a broad array of technologies, from 
data center management tools that are 
expected to find commercial applications 
next year, to new computer architectures 
that won't hit the marketplace 
for at least seven years, if ever. 

“We try to be out in front of the 
company,” says Robert F. Waites, director 
of strategic planning at HP Labs 
in Palo Alto, Calif. “We try to skate to 
where the hockey puck will be, not 
where it is today.” 

Many of HP Labs’ 700 employees are 
now skating toward a “reinvention of 
the economics of IT,” one of six broad 
research areas that includes projects 
in grid and utility computing, self-managing 
systems, virtualization and 
smart data centers. 

“The most fruitful places to inno- 
vate are now above the commodity op- 
erating system and CPU chips,” Waites 
says. “We have very little work going 
on in CPU architectures, but 20 years 
ago, that was a dominant research 
program.” 


What’s in Store Near Term 
Beth Keer, manager of storage systems 
research, says most IT shops spend 
80% of their budgets on hardware and 
software maintenance. The goal of a 
suite of projects at HP Labs is to knock 
that down by almost half. The key is to 
automate IT tasks such as provisioning 
disk arrays and configuring 
networks, she says. 

“There are many steps, and 
if you screw it up, you are 
in big trouble. And because 
these tasks are repetitive and 
complex, they are not a good fit for 
human cognitive skills,” Keer says. 

Projects that attack this problem lie 
in two broad areas: virtualization, and 
automated management and control. 
They include the following: 


■ SoftUDC. The software-based Utility 
Data Center is a prototype tool for 
virtualizing server, network and storage 
resources. It creates a logical layer 
across disparate hardware and a single, 
centrally managed pool of resources. 

■ FAB. The Federated Array of Bricks 
consists of low-cost, industry-standard 
hardware and proprietary software 
that allows easy provisioning of storage 
systems. A “brick” holds a number 
of disks and a CPU controller. Additional 
bricks can be snapped in for 
“capacity on demand,” with the Linux-based 
software automatically striping 
data across the bricks and providing 
for redundancy in case of failure. 

■ SLIC. Statistical Learning, Inference 
and Control tools use pattern recognition 
and probabilistic models to identify 
aberrant system behavior. Research is 
now focusing on forecasting problems. 

■ Smart Data Center. This project 
involves figuring out how to better 
cool ultradense components such as 
blade servers while saving on energy 
costs. “Dynamic smart cooling” uses 
thermal modeling, networked sensors 
and even robots to lower cooling costs 
by 70%, HP claims. 

Keer seems undeterred 
by the technical challenges in 
her work, but she acknowledges some 
doubts on the user front. “There are 
some human factors about people’s 
reluctance to adopt new technologies,” 
Keer says. “If they can’t see what’s going 
on, do they trust the automation?” 


Longer-Term Goals 

While Keer works on things that have 
one foot in the marketplace, HP Labs’ 
Duncan Stewart is focused on some- 
thing unlikely to have any payoff for 
seven to 10 years. The research physi- 
cist and his colleagues are hoping to 
shrink computers to almost unimagin- 
ably tiny dimensions. 

For more than six years, HP Labs has 
been inventing a radical new approach 
to computing based on crossbar technology. 
HP’s crossbars are molecular-scale 
circuits consisting of 
grids of wires whose intersections 
can be populated, by 
programming, with various 
devices such as resistors, 
diodes and switches. Several 
years ago, HP showed that these cross- 
bar arrays could be used to make mem- 
ory and very simple logic circuits far 
smaller than equivalent circuits made 
from silicon transistors. 

But HP found two show-stoppers 
on the way to making a practical 
computer: There seemed to be no 
way to restore degraded signals as 
they traveled from one logic gate 
to another and no way to do signal 
inversion, which is necessary to per- 
form the Boolean NOT operation. 
Both functions are a cinch with silicon 
transistors. 

Then, in February, HP Labs an- 
nounced a breakthrough — a way to 
perform both signal restoration and 
inversion using a pair of very simple 
molecular-scale switches combined 
into a crossbar latch. 

“Latches are the glue that holds 
together all of the different pieces of 
memory and logic inside of a proces- 
sor,” Stewart says. “That was the miss- 
ing piece that will enable all kinds of 
computing to be done at the molecular 
scale. We are going to build the smallest 
computer in the world.” 

Meanwhile, conventional chips will 
become extremely difficult and ex- 
pensive to make as they get smaller. 
A published road map for the semi- 
conductor industry has the smallest 
distances between wires on a memory 
chip shrinking from 90 nanometers 
today to 65nm in 2007, to 45nm in 
2010, to 32nm in 2013 and on down 
from there. 

“What they are going to do 12 years 
from now is mapped out, but they 
don’t have a clue how to do that,” says 
Stewart. “In fact, they think they may 
not be able to do it.” 

The 32nm milestone is “a reasonable 
place for us to inject some of these 
ideas,” he says. The idea isn’t to re- 
place silicon transistors but to build 
certain devices, such as ultradense 
memories, on top of CMOS chips. 
Stewart says HP hopes to eventually 
build crossbar devices smaller than 
3nm. 

Meyya Meyyappan, director of the 
Center for Nanotechnology at NASA's 
Ames Research Center, says it’s too 
early to say whether HP will succeed. 
“Until today, everyone was doing 
straightforward silicon CMOS-like 
technology,” he says. “As such, there 
was nothing novel. But the crossbar 
architecture is a novel concept with 
the potential to lead toward 
future-generation electronics.” 


One application of these Lilliputian 
computers might be to give tiny sen- 
sors, or “motes,” enough processing 
power to perform very compute- 
intensive functions. For example, 
Stewart says, “if I can deliver you a 
very small computer — a few microns 
square — that can run on power it 
soaks up from the environment, then 
things like RFID tags can have 
cryptography.” 

Could there be more show-stoppers? 
“The biggest one I’ve seen in research 
labs is economics,” Stewart says, after 
some thought. “When your technology 
is actually ready to go, the market may 
not be ready for it.” @ 53594 


Firewall Request 
Gets Third Degree 


Our security manager must conduct due 
diligence before allowing a partner com- 
pany to transfer data. By Mathias Thurman 


OTHER departments 
frequently ask me to 
approve firewall modi- 
fications to allow ap- 
plications to “talk” to one an- 
other. This past week, one of 
the business units asked per- 
mission to open our external 
firewall to enable a business 
partner to transfer data to one 
of our quality assurance (QA) 
servers for testing. 

This request was 
related to our educa- 
tion sales Web site. 
We sell online, in- 
house and computer- 
based training materi- 
als, as well as books 
and other publica- 
tions, all geared toward teach- 
ing customers how to use our 
products. When revenue gen- 
eration is involved, my review 
is more thorough, and that 
was my approach this time, 
even though it was for a QA 
environment. 

I asked to see the network 
diagrams, data flows and the 
nature of the data to be trans- 
ferred. While these are vital 
elements for deciding whether 
an external entity will be al- 
lowed to transfer data to our 
company, I usually ask for this 
information even when the re- 
quest is internal. 

By reviewing the network 
diagrams, I was able to learn 
about the other resources that 
are trusted by the QA server 
and environment. Sometimes 
network diagrams show that 
other critical servers or net- 
works trust the affected sys- 
tem. If a server that’s trusted 
by another sensitive resource 
is compromised, it’s a trivial 
thing for a hacker to take advantage 
of that trust relationship. 
For this environment, the 
QA server was on a segregated 
network shared only by anoth- 
er QA server, which had been 
set up as a standby. 

As for data flows, they depict 
how data moves from one enti- 
ty to another within an applica- 
tion. They usually show infor- 
mation about things such as en- 
cryption, data in transit, data at 
rest and backup. In this case, I 
wanted to understand how the 
data would get from 
the external partner 
to our infrastruc- 
ture, where the data 
would move to with- 
in our environment 
and, of course, the 
nature of the data. 

From a legal and privacy perspective, 
the nature of the data 
that will be transmitted is probably 
one of the most important 
factors. The business units al- 
ways play this down, suggest- 
ing that it’s “just some data.” 
But “just some data” usually 
turns out to include private in- 
formation. In this case, there 
were customer names, mailing 
addresses, e-mail addresses 
and phone numbers. We have 
agreements with other ven- 
dors to sell our training mate- 
rials, and this particular re- 
quest entailed the vendor 
sending enrollment data from 
its site, where the training was 
purchased, to our site. 

For this application, I insist- 
ed that the data in transit flow 
from the external business 
partner to our QA server over 
an encrypted format such as 
Secure Sockets Layer (the 
HTTPS protocol). And I was 
uncomfortable with the idea 
of all the customer data resid- 
ing in plain text within the 
database, so several of the 
fields have to be encrypted. 

In addition, I ordered a vul- 
nerability assessment to be 
performed against our QA en- 
vironment. The QA environ- 
ment is supposed to mirror 
the production environment, 
so an assessment of the QA 
server would indicate what to 
expect within production. 


Assessing Vulnerability 


The vulnerability assessment 
entails running a couple of 
tools against the QA server. 
The first is Nessus, a freely 
available port scanner that typ- 
ically indicates how vulnerable 
the server is to some common 
threats as a result of configura- 
tion errors, outdated patches 
or other vulnerable services. 
The other is an application 
security scanning tool that 
assesses the application (as 
opposed to the server and op- 
erating system) for improperly 
coded applications or improp- 
erly configured Web servers. 
The vulnerability assess- 
ment found that the only glar- 
ing hole for this application 
was in the Apache Web server, 
which was configured to dis- 
play directory listings. This is a 
common configuration error 
within the Web server soft- 
ware. With directory listings 
displayable, a would-be hacker 
could find some files contain- 
ing sensitive data and gain 
unauthorized access. The fix is 
simple: You create a file called 
.htaccess and place a certain 
directive within that file that 
prevents the directory listing. 
The directive is something 
similar to “IndexIgnore *” with 
the asterisk serving as a place- 
holder for any of many ap- 
proaches to limit access or 
viewing of directories using 
the browser. 
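
An added example, not part of the original column or of Apache itself: a small Python check that evaluates layered Options and IndexIgnore settings for one directory. It shows why a fix "similar to" `IndexIgnore *` differs from `Options -Indexes`: the first hides entries in an index page that is still generated, while the second turns the listing off. The sample paths and configuration text are constructed, and each layer is assumed to hold only the directives that apply to one directory level.

```python
"""Audit layered Apache settings for directory-listing exposure (added example)."""

OPTION_NAMES = {n.lower(): n for n in (
    "ExecCGI", "FollowSymLinks", "Includes", "IncludesNOEXEC",
    "Indexes", "MultiViews", "SymLinksIfOwnerMatch")}
# The keyword "All" means every option except MultiViews.
ALL_OPTIONS = frozenset(OPTION_NAMES.values()) - {"MultiViews"}


def apply_options(inherited, args):
    """Return the option set in force after one Options directive.

    The inherited set is merged only when every argument carries a + or -
    sign; an unsigned list replaces whatever was inherited.
    """
    if not args:
        raise ValueError("Options needs at least one argument")
    signed = [a[0] in "+-" for a in args]
    if any(signed) and not all(signed):
        raise ValueError("Options mixes signed and unsigned arguments: %r" % (args,))
    result = set(inherited) if all(signed) else set()
    for arg in args:
        sign, name = (arg[0], arg[1:]) if arg[0] in "+-" else ("+", arg)
        key = name.lower()
        if key == "all":
            names = set(ALL_OPTIONS)
        elif key == "none":
            names = set()
        elif key in OPTION_NAMES:
            names = {OPTION_NAMES[key]}
        else:
            raise ValueError("unknown option: %s" % name)
        result = result | names if sign == "+" else result - names
    return result


def parse_directives(text):
    """Yield (directive_name_lowercased, args) for each directive line."""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and section tags such as <Directory ...>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split()
        yield parts[0].lower(), parts[1:]


def audit_listing(layers, default_options=("FollowSymLinks",)):
    """Evaluate layers (least specific first) of (label, config_text).

    default_options is the Options default assumed for the server build:
    FollowSymLinks on Apache 2.4, All on older releases.
    """
    options = set(default_options)
    decided_by = "server default"
    hides_all = False
    for label, text in layers:
        for name, args in parse_directives(text):
            if name == "options":
                options = apply_options(options, args)
                decided_by = label
            elif name == "indexignore" and "*" in args:
                hides_all = True  # IndexIgnore patterns are inherited downward
    enabled = "Indexes" in options
    if not enabled:
        verdict = "disabled"
    elif hides_all:
        verdict = "entries hidden, index still generated"
    else:
        verdict = "exposed"
    return {"indexes_enabled": enabled, "decided_by": decided_by,
            "options": options, "verdict": verdict}


# Constructed sample: a QA document root with listings switched on.
HTTPD_QA = """
<Directory "/var/www/qa">
    Options Indexes FollowSymLinks
</Directory>
"""
HTACCESS_HIDE = "IndexIgnore *\n"      # constructed: hides entries only
HTACCESS_OFF = "Options -Indexes\n"    # constructed: disables the listing

if __name__ == "__main__":
    for label, htaccess in (("no .htaccess", None),
                            ("IndexIgnore *", HTACCESS_HIDE),
                            ("Options -Indexes", HTACCESS_OFF)):
        layers = [("httpd.conf", HTTPD_QA)]
        if htaccess:
            layers.append((".htaccess", htaccess))
        print("%-18s -> %s" % (label, audit_listing(layers)["verdict"]))
```

Directives placed in .htaccess take effect only where the server's AllowOverride setting permits them, so confirm the result with a request to the directory URL after the change.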

I also asked to see the busi- 
ness partner’s network dia- 
gram. Not surprisingly, the 
company didn’t want to reveal 
its inner workings, so it re- 
quired me to sign a nondisclo- 
sure agreement, which I readi- 
ly did after it was reviewed by 
our legal department. I also 
requested information that 
would assure me that the ven- 
dor’s infrastructure was se- 
cure. In cases like this, I would 
really like to conduct an as- 
sessment of the partner’s site, 
but our legal department has 
said no to that type of thing, 
apparently not wanting to 
chance that we might mistak- 
enly “scan” or run penetration 
testing against the wrong site. 

We could have hired a third 
party to do an assessment for 
us, but the vendor had just re- 
ceived a WebTrust certifica- 
tion. That’s an attestation by 
management that the systems 
in question are protected 
against unauthorized access. 
Typically, a company will hire 
a Big Four consulting compa- 
ny to come in, complete a 
thick questionnaire and run a 
couple of security scans. If 
everything looks good, and 
you've paid your $20,000 bill, 
the consulting firm will allow 
you to put the WebTrust logo 
on your Web site. 

After all was said and done, 
I was satisfied with the results 
from the follow-up assessment 
and I allowed the firewall rule 
change. The next step is to assess
the production instance of this
application, since I can’t assume
that the production environment is
configured identically to the QA.


WHAT DO YOU THINK? 


This week's journal is written by a real security
manager, “Mathias Thurman,” whose
name and employer have been disguised for
obvious reasons. Contact him at
mathias_thurman@yahoo.com, or join the discussion

Security Manager's Journals, go online to
computerworld.com/secjournal
priced from $1,999 to $5,999.


Security ROI Tool 
CDW Corp. announced a set of
tools to help customers make
network security purchase decisions.
The CDW Security ROI
Toolkit includes the Security
Profiler, a Web-based survey
that compares companies
with peers of the same size
and industry on security feature
deployment and certain
operational metrics. It also includes
the ROI Calculator, an
application that calculates the
return on investment and other
financial metrics for customers
deploying a particular
set of security products.
Dieselpoint Unveils
Latest Search Tool 


Dieselpoint Inc. in Chicago has
announced Version 3.5 of Diesel- 
point Search. Enhancements in- 
clude new indexing and logging 
features, extended support for 
wild-card-based searches, and 
secure search support for sensi- 
tive or confidential data, Diesel- 
point said. The all-Java applica- 
tion is designed to help users find 
information in data repositories 
that include documents, databas- 
es, XML and other sources. 
Dieselpoint 3.5 is available now 
and starts at $20,000 for a mini- 
mum of two CPUs. 


PSS Systems 
Launches AtlasIPM 


PSS Systems in Palo Alto,
Calif., has introduced the Atlas- 
IPM information policy manage- 
ment suite, a set of software sys- 
tems that are designed to help 
companies automate the man- 
agement and enforcement of in- 
formation policies. The software 
assists with the retention, dispo- 
sition, preservation and produc- 
tion of data stored on PCs and file 
servers, the company said. It in- 
cludes Policy Atlas, a centralized 
policy repository, and Policy 
Point, a software agent that can 
be synchronized with Policy Atlas 
to determine when and how to 
dispose of a record. AtlasIPM 
runs on Windows and Linux and 
is priced starting at $100,000. 


Archiving Tool for 
Siebel Apps Ships 

Princeton Softech Inc. in
Princeton, N.J., announced last 
week that it will be launching 
Archive for Servers Siebel Edi- 
tion, as well as enhancements to 
Archive for DB2 PeopleSoft. 
Princeton said the new edition al- 
lows users to archive data from 
Siebel application families such 
as Call Center and is targeted at 
companies that want to employ a 
tiered data-storage architecture. 
Archive for Servers Siebel Edition 
starts at $50,000 retail. 


A SAN JOSE-BASED medical practice recently
notified about 185,000 current and
former patients about the theft of their
personal information. Stored on two computers,
the data was stolen from the medical
office during a burglary that occurred March 28
[QuickLink 53707].


Under California law SB 
1386, the medical group was 
required to publicly disclose 
the computer security 
breach because the confi- 
dential information of Cali- 
fornia residents may have 
been compromised. Unfortu- 
nately, that law promises to 
teach both businesses and 
the public plenty of lessons 
about insufficient security 
practices like those high- 
lighted in the San Jose case. 

Let’s face it: Hardware and 
software are usually less secure when 
they’re located in an open workspace 
than they are when they’re located in 
a separate computer room. Security is 
further decreased when the hardware 
and/or software is used within a network 
of computers that aren’t housed at a sin- 
gle location. And the level of vulner- 
ability is even higher when the network 
extends beyond the organization’s 
premises. Some assets — like hardware 
devices and data and software that are 
stored on file servers, PCs or removable 
media like tapes and disks — need to be
secured physically. Part of physical security
is ensuring that only authorized personnel
are permitted to transmit data
and access devices on LANs. 

The National Computer Security Cen- 
ter’s “Glossary of Computer Security 
Terms” defines physical security as “the 
application of physical barriers and con- 
trol procedures as preventive measures 
or countermeasures against threats to 
resources and sensitive information.” 

According to security expert and author
Kevin Beaver, CISSP, “You cannot
have any sense of information
security if you don’t implement
proper physical security measures.”
Unfortunately, IT depart- 
ments may disregard physi- 
cal security, fearing that it’s 
too expensive or too much 
of a burden. But effectively 
controlling physical access 
to an organization’s facilities 
should be the security staff’s 
top concern. 
When it comes to physical 
security, most organizations 
use one or a combination of mecha- 
nisms. Security guards are at the front 
line and should be trained to restrict the 
removal of assets from the premises. 
Among other things, they should be 
trained to record the identity of anyone 
removing assets. In addition, an autho- 
rization procedure should be established 
for those occasions when removing 
hardware and software from the premis- 
es is necessary. 

A traditional lock is, of course, one of
the simplest ways to secure physical access
to IT assets. This ubiquitous security
system has effectively impeded access
for centuries. While it’s decidedly low
tech, this approach nevertheless remains
appealing to those on a budget, since it’s
simple and doesn’t cost very much. If
you wish to add another layer to this security
model, you can use keys that can’t
be duplicated or build “mantraps” in
which those who wish to gain entry
must pass through two doors, so only
one person can enter at a time.

Electronic key cards are another good
option, and they provide a higher level
of security than the traditional lock-and-key
approach. With this technology, a
user gains entry by swiping an electronically
coded plastic card through a magnetic
badge reader. An advantage of key-card
systems is that they eliminate some
of the management problems that arise
when you use locks and keys. For example,
if an employee quits and walks off
with his card, you don’t have to change
the locks; you just deactivate his card.

Perhaps the most intriguing approaches
to physical security are those that utilize
biometrics. Biometric authentication
involves the examination of physical
traits of users. The examined feature is
compared with stored reference data.
Identifiable traits include fingerprints,
hand geometry, voice patterns, facial patterns,
and iris and retina patterns. Biometrics,
or at least the promise of the
various technologies involved, is currently
at the forefront of thinking about
authentication. But organizations have
been slow to adopt biometrics, partially
because the products available can be
expensive and aren’t as foolproof as they
should be.

Remembering that control procedures
are necessary for all of the hardware and
software you use will go a long way toward
protecting less-secure environments.
Of course, the level of access control
you choose will have to be adjusted
depending upon the sensitivity of the
data being accessed. Other variables include
the significance of the applications
processed, the cost of the equipment and
the availability of backup equipment.

Because laptops are portable and
hence targets for theft and misuse, they
must be included in the security policy
equation. Again, their location and the
amount of sensitive data they contain
will determine how much physical security
they require.

This may sound basic, and it is. But
any comprehensive security plan has to
start with physical security. @ 53844
Interim CIOs play many
roles, from savior to
enforcer, but good
cop or bad, they act
quickly and move on.


BY MARY K. PRATT 





PETE SHELKIN’S tenure as CIO
at San Juan Regional Medical
Center lasted four months, a
short stint even by today’s
fast-paced standards. Still,
Shelkin achieved his goal,
which was to devise a plan to push the
Farmington, N.M.-based hospital’s IT operations to
a new level of performance.

Most CIOs would want more time to tackle 
such a task, but Shelkin figures the brevity of 
his assignment helped him. “When you're 
coming in as an interim [CIO], you’re looking 
to figure out what the organization needs 
done and get it done quickly without setting 
your own tone,” he says. 

Despite the fleeting nature of their work, 
temporary CIOs like Shelkin say they’re ex- 
pected to do much more than 
taker services. They’re often hired to turn 
Inside View


PAUL M. LEMERISE has worked for 
start-ups and multibillion-dollar corpora- 
tions during his 30-year career. His experi- 
ence spans all aspects of IT. 

Now he's on the market, looking to rent 
out his expertise. 

A partner at Tatum Partners, Lemerise is 
no longer interested in a permanent execu- 
tive position. 

He has his reasons. “I like the challenge 
of things being messed up,” he says. 

That's a common sentiment among 
those who opt for temporary CIO assignments.
They say companies frequently
need interim CIOs when IT departments
are in disarray. The challenge of setting the 
IT groups straight draws them to the work. 

“I really like the idea of getting in, helping
them and then getting out of the way,”
says Tom Costello, president and CEO of 
UpStreme. 

Costello has served as a temporary CIO 
seven times since 1998. His assignments 


around departments, develop strate- 
gies and drive change. As tough as that 
can be for full-fledged executives, 
those in interim positions say their 
jobs come with extra challenges that 
demand a separate set of skills. They 
say they’re fully up to the task. 

“A temporary CIO needs to be a 
politician, analyst and therapist,” says 
Tom Costello, president and CEO of 
UpStreme Inc., a consulting firm in 
Malvern, Pa. 

That’s just the start. Interim CIOs, 
like their permanent counterparts, 
must understand how technology sup- 
ports a company’s business goals, ex- 
perts say. But because of the job’s con- 
densed time frame — temporary CIOs 
say the length of their assignments 
ranges from a few weeks to more than 
a year — they must be able to move 
more quickly than permanent execs. 

Paul M. Lemerise, a partner at 
Atlanta-based Tatum Partners LLP, 
started in January as interim CIO at 
Pharmavite LLC, a Northridge, Calif.- 
based vitamin manufacturer and dis- 
tributor. He has already restructured 
Pharmavite’s IT organization. 

But Lemerise says the ability to act 
quickly is only one of the skills he 
needs. Prior experience is a must, and 
experience with turnaround situations 
is also crucial. “Otherwise,” he says, 
“you'll fail miserably.” 

Still, temp execs say that’s not 
enough. They must bridge business 
and technology, handle staffing issues, 
oversee projects and deployments — 





have lasted about four months on average. 
The money isn’t bad, either. Several 
temporary CIOs put the earnings of those
in the field at one and a half to three times
those of their permanent counterparts.
But, they stress, that’s not what keeps
them looking for those temporary jobs.
Pete Shelkin works both at his own company,
Shelkin Consulting LLC in Yellow
Springs, Ohio, and as an associate at Alliance
Information Management Inc., a Fargo,
N.D., consulting firm. He recently served
four months as interim CIO at San Juan Re- 


walking into a situation that’s not at its best 
and helping get it to a state where it is run- 
ning its best,” he says. “When things are 
running smoothly, | get bored.” 

- Mary K. Pratt 


the usual tasks of any CIO — but with 
neither an in-depth understanding of a 
company’s history nor a network of fa- 
miliar co-workers. 

Marc Grossman, president of New 
York-based Smart Solutions for Health 
Care, places CIOs into interim posi- 
tions in the health care industry. He 
does his homework before matching 
executives with clients. 

He recently placed a temporary CIO 
at a 250-bed facility in the Northeast. 
Before making the placement, he asked 
a host of questions: Why did the previ- 
ous CIO leave? Does the CIO report to 
the CEO or chief financial officer? 
What’s the CEO’s management style? 

Grossman chose a colleague who so 
far seems to be the right fit: The indi- 
vidual has a strong technical back- 
ground, is familiar with the hospital’s 
systems and will be able to implement 
plans without ruffling feathers. 

That last trait is often critical, ex- 
perts say. Temporary CIOs must deal 
with a tangle of personal and profes- 
sional dynamics unique to their situa- 
tions. Consider, for example, working 
in the top IT spot after the previous 
CIO was fired. “You're dealing with 
people who are friends of the CIO, en- 
emies of the CIO and constituents of 
the previous CIO,” Costello says. “All 
these people are getting in the mix.” 

Given that, Lemerise says, interim 
CIOs must learn to use their influence 
quickly and effectively. “You have ab- 
solutely no span of control; you have 
tremendous span of influence,” he says. 
Someone skilled at influencing is a
valuable asset, says Larry Johnson, CIO 
for the government of South Carolina. 
“When you're in an interim position, 
you have to be able to facilitate agree- 
ment among different parties. As an in- 
terim, you don’t come in with a huge 
stick,” he says. 

When Johnson needed an interim 
CIO at a state agency, he named a 
woman who had been running an ap- 
plication development organization for 
a different state office. “This is an 
agency that wanted change,” he says, 
explaining that the woman has been 
charged with developing a plan to up- 
grade the agency’s infrastructure. 

“She has some built-in credibility because
she comes in from the outside,”
he explains. “She can move forward
change and get people moving without 
worrying too much about whether this 
person’s going to hate me in a year.” 

Johnson also says he picked her 
because she’s good at getting people 
to talk. 


Bad Cop 


Other interim CIOs say that they’re 
brought in specifically to be the “bad 
guy” — to get in, push through change, 
then move on so the permanent CIO 
can come in with a clean slate. “Orga- 
nizations look to the interim CIO to do 
some of the dirty work,” Shelkin says. 
“Bringing about change, you may cre- 
ate some enemies along the way. There 
just may be no easy way to get things 
done without having people hold 
grudges later. So having an interim guy 
come in — it’s sort of ‘good cop, bad 
cop.’ The permanent CIO can come in 
without any of the baggage of having 
made choices that were unpopular 
with some people.” 

Steve Fleagle became interim CIO of 
the University of Iowa in Iowa City in 
January 2004, a promotion from his job 
as director of telecommunication and 
network services. He expects to stay on 
as interim until July, although he’s also 
a candidate for the permanent post. 

Fleagle sees limits to the amount of 
strategic change a temporary exec can 
— or should — undertake. “I'd hate to 
take the organization off in one direc- 
tion and then have the next CIO take it 
off in another direction,” he says. 

Budget decisions illustrate his point: 
Fleagle struggled when he had to make 
cuts, trying to figure out what effect 
his choices would have on the strategic 
options he’d leave for his permanent 
replacement. 

Despite the limits inherent in his 
temporary post, Fleagle says the uni- 
versity had no choice but to fill the 





CIO spot — even if it was with a temporary
leader.

“I think that we’ve been steadily
building momentum in the past 10
years,” he says, “and my role is to continue
the momentum.” @ 53626





Pratt is a Computerworld contributing
writer in Waltham, Mass. Contact her at 
marykpratt@verizon.net. 


ON-DEMAND CIOs


Do you need an IT chief on a part-time basis? You're
not alone. Go to our Web site to learn more


QuickLink 53629
www.computerworld.com


DISSENT! 


OPINION 





interim CIOs, not everyone is sold on
the concept.

person to add value from a strategic 
position,” says Umesh Ramakrish- 
nan, Cleveland-based vice chairman 
of Christian & Timbers, a New York 
executive search firm. 

Ramakrishnan says companies 
shouldn't use temporary CIOs for 
Michael Gerrard, an analyst at
Gartner Inc., agrees that the value of 
In a nutshell, how did the ’60s counterculture contribute to
the development of personal computing? Technologies
don’t happen in a vacuum. They’re shaped by the 
society and the politics and all kinds of things. There 
was a remarkable convergence around Stanford in 
the ’60s — an intersection of counterculture, people 
developing a new technology and politics, and it was 
all tied together in a remarkable way. 

The shaping of the PC industry is about values — 
about a collision between the profit motive and the 
urge to share that has defined the industry and the 
entire digital world. It’s a remarkable collision, and it 
began at the moment that the PC industry began. 


I think that readers will be amazed at the amount of LSD
use among computer engineers of Northern California’s
Midpeninsula area at the time. Was that just part of the
The Crucible of Culture


It is not a coincidence that although it was at the periphery of 

the established computing world, California is where personal 
computing first emerged. For most of its history, the computing 
establishment had been centered in the upstate New York main- 
frame factories of IBM and in the research laboratories and the 
emerging high-technology world surrounding MIT and Cambridge. 
Beginning in the ’60s, however, the Midpeninsula, a relatively small
region located between San Jose and San Francisco, became a 
crucible not only for political protest and a thriving counterculture 
but also for a new set of computing paradigms. 

An argument can be made that the seeds of personal computing 
were planted simultaneously on both the East and West coasts. 
Certainly the idea of a single-user computer was alive around Route 
128 in Massachusetts as well as on the Midpeninsula in the 1960s. 

With figures like Ivan E. Sutherland, Vannevar Bush, J.C.R. Lick- 
lider, Robert Taylor, Theodor Nelson and the computer hackers at 
MIT, all of the intellectual ingredients for personal computing exist- 
ed on the East Coast. Why, then, did the passion for the PC and lat- 
er the PC industry emerge first around Stanford? 

The answer is that there was no discrete technological straight 
line to the personal computer on the East Coast. What separated the 
isolated experiments with small computers from the full-blown birth 
of personal computing was the West Coast realization that computing 
was a new medium, like books, records, movies, radios and televi- 
sion. The personal computer had the ability to encompass all of the 
media that had come before it and had the additional benefit of ap- 
pearing at a time and place where all the old rules were being ques- 
tioned. Personal computers that were designed for and belonged to 

single individuals would emerge initially in concert with a counter- 
cultural wallpaper, or did it actually affect the development of
personal computing? There was a search for ways to ex- 
pand the mind that took a variety of forms — every- 
thing from drugs to Doug Engelbart’s development of 
Augment, the information retrieval system that’s the 
precursor for all the work done at [the Palo Alto Re- 
search Center], which was the precursor for all the 
work done at Apple and Microsoft. That’s a direct 
line. And Augment was an exam- 
ple of Doug’s passion to build a 
tool to augment human intelli- 
gence. That happened at the same 
time there was a lot of exploration 
of some of the limits of human 
consciousness. Some of it shows 
up in psychedelic drugs, some in 
these tools, some in Zen and EST.
That was all happening in the same
time, and it’s impossible to unwind
them. A community of people was
doing all kinds of experimenting 
with technology and psychedelics. 


One of your recurring themes is what 


culture that rejected authority and considered the human spirit as 
able to triumph over corporate technology, not be subject to it. 

The East Coast computing culture didn’t get it. The old comput- 
ing world was hierarchical and conservative. Years later, after the 
PC was an established reality, Ken Olsen, the founder of minicomputer
maker Digital Equipment Corp., still didn’t get it: He publicly
asserted that there was no need for a home computer. 

In the ’60s, the community surrounding Stanford University was
a bundle of contradictions. Outwardly, it was a sleepy college community,
but there had long been a Bohemian fringe in the Bay area,
and in the ’50s and early ’60s there was an undercurrent that ran at
cross-purposes to the middle-class mainstream. The Bohemian
spirit embodied by Dean Moriarty in Jack Kerouac’s On the Road
animated a tiny counterculture. 

It's easy to forget how different attitudes were toward drugs during
the '60s. LSD, in particular, has become an incendiary subject.


Demonized today, its impact is glibly dismissed. Yet four decades 
ago, LSD was a defining force in a cultural war. 

For those who grew up during the 1960s, the 
decade is still a touchstone, having transformed 
everyone who lived through it - and that is especially 
true for many of the computer scientists, entrepre- 
neurs and hackers. 

Over a span of three decades, much of the original spirit of the 
‘60s has been lost. For many today, the era serves almost as a 
historical Rorschach test: either an idealistic moment in time or a 
target for a conservative pundit to rail against. 

The ‘60s serve a similar function for attitudes about information 
technology. Today, the modern computer industry has become divid- 
ed into two warring camps: On one side, giant Microsoft champions 
the private ownership of information. Software, the company believes, 
is a commodity to be bought, sold and jealously guarded. Opposed 
to Microsoft are the growing legions of computer programmers who 
have formed an open-source movement that is committed to the 
idea that information should be free and that shared software can 
be used to animate increasingly powerful computers. 

The schism between information propertarians and information 
libertarians divides not only the computer industry but increasingly 
the entire digital world, affecting the consumer electronics, record- 
you call the fault line between the profit motive and the con-
viction that information should be shared freely. Did that ten- 
sion affect the early development of the PC? It was so much 
a part of stuff that happened at the MIT AI lab and 
later at the Stanford AI lab and later at the Homebrew 
Hobbyists Club. It was the spark that set off the com- 
puter industry. [Steve] Wozniak designed the Apple I 
just to have a computer to share with his friends at 
the Homebrew club. Steve Jobs understood there 
could be a market for that and created the Apple II. 
You can see the tension in the relationship between 
Jobs and Wozniak, and it was writ large in the club. 


Is that tension still affecting progress in information technol- 
ogy? Yeah. Ask Bill Gates what his principal competi- 
tion is, and he’ll say the open-source community. Not 
only is Microsoft embroiled in that same tension, now 
as the entire world becomes digitized, that tension is 
spreading everywhere: the sciences, entertainment. 
It’s ironic that with the fall of communism we 
thought the world would be this uniform capitalist 
place, but it turns out there’s this alternative eco- 
nomic approach that is probably going to define the 
next two or three decades. @ 53605 


ing and motion picture industries. The defenders of information as 
private property make the case that unregulated information avail- 
ability, whether in the form of file sharing or in the doctrines of the 
open-source movement, is a fundamental threat to the industry as 
well as innovation. Led by Microsoft and the recording and film in- 
dustries, there is a great cry that the vandals are at the gates and 
that information sharing is the digital-age equivalent of the threat 
communism posed to developing industrialism in the nineteenth 
and twentieth centuries. 

When societal benefits are weighed against those of private in- 
terests, however, the consequences of allowing information to be 
shared without restriction become more nuanced. Consider the roots 
of Silicon Valley. The transistor was invented at AT&T's Bell Labora- 
tories in New Jersey, but the giant telecommunications company 
was later forced to license the invention freely under the terms of an 
antitrust settlement with the Justice Department. The Valley's very 
existence - the product of the most dramatic technological and
entrepreneurial boom in the nation’s history - was made
possible by the enforced availability of the transistor. 
Likewise, the hacker's ethos of sharing information 
lies at the very heart of the explosive growth of the 
personal computer. It is not a coincidence that, during 
the 60s and early ‘70s, at the height of the protest 
against the war in Vietnam, the civil rights movement and wide- 
spread experimentation with psychedelic drugs, personal comput- 
ing emerged from a handful of government and corporate-funded 
laboratories, as well as from the work of a small group of hobbyists 
who were desperate to get their hands on computers they could 
personally control and decide to what uses it should be put. 

Science fiction writer William Gibson has said, “The future’s al- 
ready arrived; it’s just not evenly distributed yet.” That observation is 
particularly true of a tiny microcosm that was as localized but has 
become as influential in the world as fifteenth-century Florence was 
when it gave the world the Renaissance half a millennium ago. 


@ 53606 


Reprinted by arrangement with Viking, a member of Penguin Group 
(USA) Inc., from What the Dormouse Said . . . by John Markoff, 
copyright 2005 by John Markoff. 







story about the soft job market, but 
they did say that hiring is picking up. In 
fact, one company vice president said 
she would be hiring more than 100 
people this year. 

As for certifications, they may be 
helpful if 1) in the process of getting 
certified you acquire skills that you 
don't already have and those skills are 
in high demand, or 2) the certification 
alone is impressive enough to move 
you far up the list of the 500 to 1,000 
candidates who are applying for the 
jobs that you mentioned. 

I would prefer that you reconsider
your tactics and take a different 
approach to finding your next job - 
one that is tactical and then strategic. 

Start by doing a self-assessment 
and identify all of the IT positions that 
may be similar to or extensions of 
what you've done in the past. Then 
work with a recruiter to understand 
what skills are in high demand in 
your area. Match your list with the 
in-demand list and create a plan to 
fill in the gaps. You might need only 
a week or two of training to get there. 
Don't be afraid to take any reasonable 
job to become employed. It's easier to 
find a job if you have a job. 

For the long term, you will need to 
rethink your career path. There are 
many hot areas in IT with high de- 
mand and long-term potential, such as 
IT security, compliance and document 
management. Also consider which in- 
dustries are high-growth areas for IT. 
Matching a highly sought-after skill in 
a high-growth industry, such as health 
care, should yield even better results. 
More extensive education is required 
to make this type of move, but it will 
be worth it. Best of luck. 


Wells Real
Estate Funds, Duluth, Ga. 


Cohen is this month’s guest 
Premier 100 IT Leader, an- 
swering an unemployed 
reader’s question about the 
value of certifications. 


you'd like to pose to one 
of our Premier 100 IT Lead- 
ers, send it to 


, and 
watch for this column each 
month. 


I have 15 years’ experience in IT
administration - mainframe, file
servers, network and help desk,
for example - but have been out 
of work for two years. Here in the 
Seattle area, about 500 to 1,000 
workers respond to every ad for 
an IT job. | have a bachelor of sci- 
ence degree in electrical and 
computer engineering. Might cer- 
tifications help me land a job? 

I recently attended Computerworld's
Premier 100 IT Leaders Conference 
and met several colleagues from the 
Seattle area. All corroborated your 
PEOPLESOFT INC. co-founder David A.
Duffield has established a fund to aid for- 
mer employees who were laid off as a 
result of Oracle Corp.'s takeover of the 


last year had a net worth of $1.3 billion, 
according to a Forbes magazine estimate, 
- has pledged several million dollars to 
the fund. 

Laid-off workers who haven't landed a 
new job after three months and whose 
salaries at PeopleSoft were below 
$150,000 a year are eligible for as much 
as $10,000 in emergency assistance. 
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David Ogden, a former PeopleSoft 
marketing executive, is managing the 
effort, known as the Safety Net. “We have 
no idea if we're going to get three appli- 
cations or 300,” the Journal quotes 
Ogden as saying. “We hope to find the 
people most in need and help them.” 

Only one former employee has applied 
so far, according to Ogden. Applicants 
are asked to fill out a four-page form 
about their needs, which is then reviewed 


tives at PeopleSoft have been kept by 
Oracle, but most administrative and 


marketing positions were eliminated. 


Rosy Outlook at Fast-Growing
Tech Companies

[Chart: How much will your workforce grow in the next 12 months?]


AN ONGOING STRAW POLL being con- 
ducted by New Jersey think tank EraNova 
Institute has so far found that more knowl-
edge workers rank themselves as being
poor or rich than as doing just OK. Of the 
poll's first 209 respondents, 27.3% had 
rated themselves as “poor” (not making 
enough to pay the bills), 46.9% had rated 
themselves as “middle” (earning enough to 
get by), and 25.8% had rated themselves 
as “rich” (making enough to save and 
splurge). “More than one in four are telling us 
they're not making enough to live on,” says 
institute director Richard W. Samson. “Are 
we moving toward a rich/poor
economy, in knowledge work as 
well as society as a whole?” 




[Chart: How confident are you that your company will sustain its high level
of growth over the next 12 months? Response categories: Extremely confident,
Very confident, Somewhat confident, Pessimistic]


EraNova is planning a formal study to in- 
vestigate whether the wealth gap is increas- 
ing among the highly educated in the U.S., 
as it has been among the general popula- 
tion. If it is, says Samson, then changes of 
many types will be indicated - changes in 
social policy, education, business manage- 
ment and recommended career pursuits. 

“The prevailing assumption,” he says, “is 
that higher-level skills will fix our employ- 
ment problems. If you've been laid off, just 
upgrade yourself at a community college or 
grad school. But what if that assumption’s 
wrong? What if, as many high-tech people 
with Ph.D.s are telling us, there's a 
wealth gap no matter what your 
skill level?” @ 53656 
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Diversity 

@ May 9-11, New York 

Sponsor: The Conference Board 
The Annual Diversity Conference: The 
Diversity Performance Factor looks 

at the latest research, practice and 
implications of the multicultural mar- 
ketplace. Topics include succession 
planning and leadership competence, 
strategy development, recruitment 
and development strategies, global 
diversity and generational differences. 
www.conference-board.org/ 


conferences/ 


Security 

@ May 11, San Francisco 
Sponsor: IDC 

Security Forum West: Investigating the 
Next Frontiers in Security and Busi- 
ness Continuity includes topics such 
as operating in a corporate environ- 
ment without traditional “hardened” 
borders, dealing with hostile user be- 
havior and malicious code eradication, 
and key components of a comprehen- 
sive tool set to combat present and fu- 
ture threats. www.idc.com/events 


Supply Chain 


@ June 1-3, Scottsdale, Ariz. 
Sponsor: AMR Research Inc. 
21st Century Market Leadership: The
Marriage of Innovation, Operational 
Excellence and Technology focuses 
on demand-driven supply networks 
(DDSN). Topics include the connec- 
tions between DDSN and stock mar- 
ket value, product innovation, supply 
strategy and demand management. 
The conference also looks at opera- 
tions strategy, lean manufacturing, 
risks in global trade, and supply 
chain performance management. 
www.amrresearch.com/events/ 


BPM 


@ June 8-9, Boston 

Sponsor: Delphi Group 

The Business Process Management 
Bootcamp includes workshops on 
how to pick a process, process prioriti-
zation, orchestration and visibility,
defining business logic, business rules, 
the BPM market landscape, differenti- 
ating software products and project 





planning. www.delphigroup.com/ 
events/bootcamp/ 
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The Hard Facts 
About Process 


IN MY 22 years in IT, I’ve learned that companies
and people repeat the failures of others, and one 
of the most often repeated mistakes is the failure 
to follow standard processes. 

Good, basic, updated written processes are a 
proven method for doing quality IT work. If you don’t 
believe it, try this: Take a piece of paper, write down 
some complex notes, and put it away for a month. 
Then take it out. Which will be more exact — your 


memory, or the “memory” 
on the piece of paper? If 
you had a book with 300 
pages in it, could you re- 
member the content per- 
fectly and recite it a month 
later? Most people couldn't. 

In complex situations, we 
tend to forget steps. If you 
doubt this, just look at the 
number of computer pro- 
gram defects produced and 
the project overruns they 
cause. 

Why do we record things? 

One reason is to pass on knowledge. 
That way, the next person doesn’t have 
to relearn what we already know. Why 
follow a written process or checklist? 
Because it’s documented wisdom you 
don’t have to relearn. 

Look at your most recent project is- 
sue lists. How many problems could 
have been avoided through the use of 
checklists? How much time, effort and 
money might that have saved? 

Granted, the time it takes to follow 
processes may sometimes increase 
costs on small projects. If you weigh 
the losses due to process on small 
projects versus the gains on large proj- 
ects, however, you'll find that process 
is still cost-effective. 

Here are some other objections I
have often heard about following written
processes:

“My ad hoc process is fine.” 
I hear that a lot, but it’s 
rarely true. Those who 
rely on personal “perfect” 
memory are missing out 
on the combined wisdom 
that’s codified into the 
written process. The num- 
ber of defects that result 
from following an ad hoc 
process will almost cer- 
tainly be greater than 
those from following a 
written process. 

“I'm an expert. I make few mistakes, and
checklists are a waste of my time.” Sure 
you're an expert, but do you have a 
photographic memory? Remember 
that 300-page book. Regardless of your 
subject knowledge or years of experi- 
ence, your memory won’t be perfect. 

It’s true that a senior person avoids 
more pitfalls than a junior person. 
Still, experienced airplane pilots 
wouldn’t dream of taking off without 
a checklist. No length of experience 
gives pilots sufficient memory to not 
need some form of written process 
for takeoffs and landings, and they’re 
smart enough to realize that. 

“Following processes takes longer and costs 
more than repairing the defects that may result 
when processes aren't followed.” Another 
illusion. Studies have shown how defects
within projects cause overruns.
IBM’s “Rule of 10” shows that simple 
errors in the beginning of a project, if 
not discovered until the project goes 
into production, can cost tens or hun- 
dreds of thousands of dollars per de- 
fect to repair. Based on that study, just 
one defect found early enough would 
make following written processes 
cost-effective. 

“Many processes are impossible to follow.” 
Yes, it’s possible to write processes that 
are so generic that they apply to noth- 
ing. But that’s a failure of the writer, 
not the concept. Yes, there are plenty 
of examples of old processes that no 
longer provide value and have become 
excellent jokes. But those represent 
failures to capture continuous learning 
and embed it in the process. 

Processes must be updated with 
new learning each time they’re used. 
Companies that expect processes to 
remain static in a changing world are 
setting themselves up for failure, but 
again, this is a failure in documenting 
continuous learning, not a failure of 
process itself. 

“I have deadline pressures, so I can’t take
the time to use checklists.” Without writ- 
ten processes, your limited memory 
may cause you to make a mistake. 
History demonstrates that someone 
will forget something somewhere. 
You’re gambling that your mistakes 
will delay you less than the process 
would have, but remember the IBM 
Rule of 10: As you get closer to com- 
pleting the project, the cost of early 
mistakes gets higher. By the time you 
realize that you’ve lost the bet, all you 
can hope for is that no one reminds 
you about the checklists you ignored. 
@ 53603 
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PYO! BUSINESS UP AND RUNNING WITH EMC BUSINESS CONTINUITY SOLUTIONS. 





IT Careers


Project Manager (Orlando, 
FL). Expanding hospitality 
and business management 
company seeks software pro- 
fessional to plan, manage, 
and maintain various Internet 
and business system projects 
through project life cycle.
Prior project and resource
management experience uti-
lizing web/Internet technolo-
gies helpful. Competitive
salary. Mail resume to Avista
Management Inc., 5353
Conroy Road, Suite 200,
Orlando, FL 32811. Attn: Sofia
Barnes 


Software Engineer (Orlando, 
FL). Technology company 
seeks software professionals 
to develop, and manage net- 
works and systems by utiliz- 
ing knowledge of Java, 
JavaScript, C, C++, PASCAL, 
HTML, CISCO 7204, Real 
Media Technology and DNS 
Server. Extensive Knowledge 
in ColdFusion, SQL Server
2000, Netscreen Firewalls,
and BIG-IP Loadbalancers
preferred. Competitive salary.
Mail resume to
Management Inc.,
Conroy Road, Suite 200, 
Orlando, FL 32811. Attn: Sofia 
Barnes 


Programmer Analysts & Network
Engineers for Chicago, IL. P/A:
Design & Develop software
applications using Oracle, XML,
UML, C++, Sybase, Interwoven,
Coolgen, ClearCase, Clear-
Quest, PVCS, UNIX. Bachelors
or Eqv req'd in Computers, Eng,
Math or related field of study +2
yrs of related exp. May be relo-
cated to various unanticipated
locations throughout the United
States. N/E: Responsible for
troubleshooting, support, de-
sign, security, documentation,
equipment configuration & per-
formance of networks. Must
have expertise relating to SAN,
Solaris, HP, Windows, Admin,
Analyst, Veritas, Checkpoint.
Masters or Eqv.** req'd in Com-
puters, Eng., Math or related
field of study + 1 yr of related
exp. (**Eqv.: Bachelors or Eqv. +
5 yrs of progressive related work
exp). 40 hrs/Wk. Must have le-
gal authority to work permanent-
ly in the U.S. Send resume to
HR, Infobahn Softworld, Inc., 10
South Riverside Plaza, Ste. 1800,
Chicago, IL 60606.


Software Engineers for Kan- 
sas City, MO. Design, develop 
& test software using Java, C, 
C++, VB, Winrunner, Tuxedo, 
Eclipse, Corba, RMI, RUP. 
Masters or Eqv.** req'd in 
Computers, Eng., Math or 
related field + 1 yr of related 
exp. (**Eqv.: Bachelors or
Eqv. + 5 yrs of progressive
related work exp). 40 hrs/Wk.
Must have legal authority to
work permanently in the U.S.
Send resume to HR, Spec- 
trum Informatics, Inc., 10116 
N Bradford Ave., Kansas City, 


Software Engineers for Santa 


Java, C, C++, VB, Winrunner, 
Tuxedo, Eclipse, Corba, RMI, 
RUP. Masters or Equivalent** 


+ 1 yr of related exp. (**Eqv. 
Bachelors or Eqv. + 5 yrs of pro- 
gressive related work exp). May 


De La Cruz Blvd, Suite #108, 
Santa Clara, CA 95054. 


E Soft Inc has openings in New 
Jersey and nationwide for Com- 
puter Professionals with at least 
two years experience in the fol- 
lowing skills 


VB, VBScript, Delphi, Java, 
JavaScript, J2EE, JVMPI, JNI, 
EJB, SOAP, Jbuilder, Visual Age 
for Java, Sybase, C++, VC++, 
COM, DCOM, SQL Server, 
HTML, DHTML, Active X, Site 
Server, IIS, ASP, JSP, Web logic, 
Web sphere, Visual Source 
Safe, CORBA, (Visibroker) 
Codewright, EDI, CGI, Perl, 
CSS, XML, XSL, DSDM, TCP/ 
IP, DB2, UDB, Stored Procedur- 
es, MQ Series, Oracle DBA, MS 
Access, Oracle, PL/SQL, Oracle 
Forms, Oracle Reports, OLAP, 
SAP, ABAP/4, MTS, Site server, 
ISPF/Spool, VSAM, AIX, Cog- 
nos Impromptu, ETL, Datastage. 
Power Play, Business Objects, 
Mainframes, SOAP, Rouge- 
wave, AS/400 System Admin, 
WIN NT/2000, Unix & Shell 
Scripting/Programming, Linux, 
BSDI, Clear case, Perforce, 
WebDB, QA Automated Testing 
tools, Winrunner, Loadrunner,
Silk. 


Most positions require Bachel- 
ors or Master Degree. Equiva- 
lent Degree and experience is 
accepted. Candidate should be 
willing to relocate. Excellent Pay 
and benefits. Salaries will be 
commensurate w/exp. and posi- 
tion sought. 


Email resumes to: 
vikram@esoftjobs.com 


Sr Appl Supp Analyst, NY, NY:
Monitor & supp prod sys used in
equities, futures & opts trad.
Eval & analyze client connect
req'mnts, determine function

. make recomm to dev 


& test client in prod. Config sys 
& supp test & prod envir. 
Troubleshoot & supp global trad 
sys. Participate in connect & 
trad sys des & dev & dev proc to 
streamline client setup & cert.
Must perf duties w/ Windows
2000 Servers & XP Oper Sys
envir, UNIX Servers, Stnd FIX
Protocol, Shell Script, UNIX-bsd
Script lang, Korn Shell Script &
Perl Script. Req: BS in Comp
Eng, Comp Sci or closely rel
field & 5 yrs relev exp in pos offd
or occup w/sim duties emph
time-critical trad fl sys for fin
srvcs firms; or MS in Com Eng,
Comp Sci or closely rel field & 3
yrs relev exp in pos offd or
occup w/sim duties emph time-
critical trad fl sys for fin srvcs
firms. Resume to D. Vitiello,
Pres., Columbia Tech. Corp., 45
Broadway, 9th Fl., New York, NY
10006. 


PROGRAMMER/ANALYST 


Permanent position at Missat 
Consulting. Exp: 3 yrs 


Skills: EAI Components, Java,
JMS, Websphere MQ, WBI,
Neon Rules and Formatter, 
Webmethods, UNIX scripts, 
SAP-HR, PL/SQL, Oracle. 


Resp: Analyze requirements,
design & develop EAI Compon-
ents. Integrate enterprise appli-
cations related to heterogenous
environments.


Location: East Brunswick, NJ
Tel: 877-483-2112 
Fax: 732-210-0251 
Email: hrd@missat.com 


Techgene Solutions has open-
ings for Software Engineers or
other IT staff. Candidates must
have BS/MS with experience.
Skills in Cobol, JCL, Oracle,
SQL, VB, C/C++ are plus. Travel
may be required for some posi-
tions. Competitive salary. Please
apply at

com. No calls. EOE


Synova has multiple openings 
for Project/Software Engineers, 
System Analysts, DBA. Our 
clients include Fortune 500. 
Candidates must have MS or BS 
with experience. We offer attrac-
tive wage with full benefits.
Travel may be required. Email
resume to ads@synovainc.com 
EOE. No calls. 


CHIEF INFORMATION 
OFFICER 
Up to $120,000 


The New York Liquidation Bur- 
eau is seeking a visionary to de- 
velop, implement, and enforce 
Strategic policies and proce- 
dures ensuring data reliability 
and security. This highly motivat- 
ed individual must be knowl-
edgeable in Articles 74 and 76 of
the New York Insurance Law. 
Essential skills require an excel- 
lent communicator and team 
builder with proven success in 
management systems/informa- 
tion technology at an insur- 
ance/reinsurance or financial in- 
stitution. Individual must also be 
able to provide executive leader- 
ship with broad experience in 
managing diverse multidiscipli- 
nary technical teams. Ideal can- 
didates must possess a Bachel- 
or's Degree in a related disci- 
pline; and/or related profession- 
al designation or graduate de- 
gree. AS400 and Novell LAN 
experience is a must; familiarity 
with J.D. Edwards financial soft- 
ware and NAIC knowledge is a 
plus. We offer extensive benefits 
and salary commensurate with 
experience. Please fax resume 
with salary requirements to 212- 
349-5810 or e-mail to 
hr@nylb.org 
EOE M/H/F/V 


MIS Managers: Direct daily op- 
erations of department, analyze 
workflow, establish priorities.
Develop computer information 
resources, provide data security 
and control, strategic computing 
and disaster recovery. Know- 
ledge in ERP packages using 

, EDI, Workflow, Business 
Connector, .NET, Business Ob- 
jects, PeopleSoft, PeopleTools 
programs using ASP, DB2, SQL/ 
Oracle, UNIX/NT. Req. M.S. in 
Comp. Science or Engg. & 1 yr 
of exp. or B.S. in Comp. Science 
or Engg. +5 yrs of exp. 


Programmer Analysts: Analyze,
develop and test SAP, Enter-
prise Portal, J2EE, BSP, E-Sel-
ne and E-Service using iViews,
BW, PDM, ABAP, Netweaver,
XML using database in Oracle
and SQL Server. Req. Bachelor
in Comp. Science or Engg. or
related and 2 yrs of exp.
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Coolgen, ClearCase, Clear- 
Quest, Plumtree, PVCS, UNIX 
Bachelors or Eqv. req'd in Com-
puters, Eng, Math or related field
+2 yrs of related exp. S/E: 
Design, develop & test software 
using Java, C, C++, VB, Winrun- 
ner, Tuxedo, Eclipse, Corba, 
RMI, RUP. Masters or Eqv.**
req'd in Computers, Eng, math 


related exp 

or Eqv + 5 yrs of progressive
related work exp.). 40 hrs/Wk.
Must have legal authority to
work permanently in the U.S.
Send resume to HR, Global- 
ways, Inc., 39176B, State Street, 
Fremont, CA 94538 


Frontier Consulting, Inc., 
specializing in software de- 
velopment & professional 
consulting services seeks 
an experienced program- 
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cal interface programming & 
communication protocol. 
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Study + 2 yrs of related exp. SE 
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RMI, RUP. Masters or Eqv* req'd 
in Computers, Eng, Math or 
related field of study + 1 yr of 
related exp. (*Eqv.: Bachelors or 
Eqv. + 5 yrs of progressive relat- 
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have legal authority to work per- 
manently in the U.S. Send res- 
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ers, Eng, Math or related field of 
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(**Eqv.: Bachelors or Eqv. + 5 
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exp). 40 hrs/Wk. Must have 
legal authority to work perma- 
nently in the U.S. Send resume 
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Dallas, TX 75240. 


F/T Computer Programmer. Re- 
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Must have Bachelor's degree in 
Comp. Science, Electr. Engin- 
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Competitive. Send resume to: 
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Alpharetta, GA 30004 


Infomerica is looking for sys- 
tem analysts, DBA, software 
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Card. Send resumes to 
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Processor interface, real time 
online ATM/POS. Qualified 
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Chism 5600 Crooks Rd. Troy, 
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velopment & report gen- 
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(973) 589-7565. 
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Cyber Technology Group, Iselin, 
NJ, needs experienced Senior 
Software Engineers having a 
Masters degree in a quantitative 
discipline or in the alternative a 
Bachelors Degree in a quantita- 
tive discipline and five years of 
progressive work experience to 
analyze, code, design, develop,
implement, test and troubleshoot
real time software applications
using tools and technologies
such as Java, J2EE, JavaScript,
HTML, ColdFusion, C, C++,
WebLogic and Oracle. Competi-
tive salary and benefits. M-F, 40
hours/week. Please mail your 
resume to Cyber Technology 
Group, HR Department, 200 
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auth. (SSL, RSA, smart- 
cards). Will manage dev. 
and doc. for defense and 
banking products. Send 
resume to 3423 Investment 
BI., Ste. 16, Hayward CA 
94545, Attn: HR 
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Continued from page 1 


Microsoft 


one of Microsoft’s two major 
management products. 

Kirill Tatarinov, vice presi- 
dent of Microsoft’s Windows 
and enterprise management 
division, said the first fruits of 
DSI can be seen in the “health 
models” that are bundled into 
management packs for Micro- 
soft Operations Manager 2005, 
which shipped late last year. 
The models let MOM users 
compare the performance and 
availability of applications with 
their desired baseline levels. 


XML-based Model 

The System Definition Model, 
an XML-based document that 
Microsoft expects to eventual- 
ly become pervasive in Win- 
dows applications, will take 
the DSI strategy to the next 
level, Tatarinov said. 

SDM can be likened to a 
shipping manifest that lists the 
resources on which an appli- 
cation depends, the applica- 
tion’s operational behavior 
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and the manner in which it’s 
deployed and updated. Cur- 
rently available in the beta 
version of Visual Studio 2005 
Team System, SDM is due to 
ship with the product in the 
second half of the year. 

Plans call for Microsoft to 
bake SDM into its own prod- 
ucts. And Tatarinov said the 
company will make a concert-
ed effort this year — with a
special focus at its Profession- 
al Developers Conference in 
September — to encourage 
other software vendors and 
corporate developers to build 
SDM into their applications. 

Upcoming versions of 
MOM and SMS will be able to 
use the information contained 
in the SDM documents. For 
example, a document could in- 
form SMS of how an applica- 
tion needs to be deployed and 
what components are depen- 
dent on it, Tatarinov said. 

But Jason Agee, a lead infra- 
structure systems analyst at 
the Nebraska Department of 
Health and Human Services in 
Lincoln, expressed skepticism 
about the model-based man- 
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Microsoft's Management Software Road Map 


Microsoft Operations Manager

■ MOM 2005 SP1: Bug-fix update. Due in second half of this year.

■ MOM v3: Code name for next major release. Due for beta-testing
by Technical Adoption Program customers this year; shipment
expected in second half of 2006.


Systems Management Server

■ SMS Update (for Software Assurance customers): Adds vulnerability
assessment, ability to do third-party software patching. Due first
quarter of 2006.

■ SMS v4: Code name for next major version, with a role- and
task-based user interface and integrated Network Access Protection.
Due in 2007.


Reporting Manager

■ New product for generating reports from data in SMS, MOM and
Active Directory. Due for beta release in early May, shipment in the
second half of this year.


Capacity Manager

■ New tool for planning deployments of MOM and Exchange Server.
Technical Community Preview release available now; Version 1 due
later this year.


Data Protection Manager

■ Supports disk-to-disk data backup and recovery. Available now for
beta-testing, due for commercial release in the second half of this
year.


Windows Server Update Services

■ For patch/software updates. In beta now; due by end of June.


agement approach. He said he 
will first need to see an example of an
environment in which DSI works to be
convinced that it can be useful. “A model
is only as good as how complete it is,”
he said. “I have a feeling it’ll be rocky in
the beginning. But as the models improve,
I’ll get interested.”

An IT manager at an aircraft 
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Microsoft Drops System Center Integration Plan 


LAS VEGAS 


MICROSOFT last week disclosed 
the details of a revised plan for its 
System Center set of manage- 
ment tools and provided sneak 
previews of upcoming versions of 
both SMS and MOM. 

At the Microsoft Management 
Summit two years ago, the com- 
pany said it planned to bundle 
SMS and MOM together under 
the name System Center and en- 
able them to share the same data 
warehouse for unified reporting. 
It also outlined a second version 
of System Center that promised 
deeper integration of the two 
products into a single offering. 

But Microsoft scrapped plans 
for the unified product after cus- 
tomers said they didn’t want it, 
according to Kirill Tatarinov, vice 
president of Microsoft's Windows 




and enterprise management divi- 
sion. Users tend to have skills in 
either SMS or MOM and are ac- 
customed to having distinct prod- 
ucts, he said. 

“We admitted that we didn't 
think it through too well at the be- 
ginning,” Tatarinov said. 

Under the new plan, System 
Center is just the umbrella term 
for Microsoft's family of manage- 
ment products. In addition to 
SMS and MOM, Microsoft is due 
to ship three new products in the 
second half of the year: Reporting 
Manager for creating reports from 
SMS and MOM, Capacity Manag- 
er for predictive planning of Ex- 
change Server and MOM deploy- 
ments, and Data Protection Man- 
ager for disk-based backups. 

The company plans to release
a beta version of Reporting Manager
next month. Tatarinov said
that the product integrates data 
from MOM, SMS and Active Di- 
rectory and lets users produce 
sets of reports. 

“Management will eat that up,” 
said Mike Szymik, workstation 
support lead at Harley-Davidson 
Motor Co. in Milwaukee. He said 
managers at the motorcycle mak- 
er often ask for reports so they 
can check the degree to which 
the company's systems are out of 
compliance with software patches. 

The next version of SMS, 
code-named v4, will feature se- 
curity, usability and configuration 
management enhancements, 
said Felicity McGourty, director of 
marketing in Tatarinov's division. 
Microsoft expects to ship SMS 
v4 in 2007, McGourty said. 

For example, Microsoft will in- 
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| manufacturer said she fore- 

sees trouble getting the company’s
developers to use SDM when they build
custom applications. “Microsoft assumes
that IT will be able to force standards on
application developers,” said the manager,
who asked not to be identified. “I’ve been
in IT for 20 years, and I haven’t seen it in
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tegrate its Network Access Pro- 
tection capabilities to help sys- 
tems administrators prevent PCs 
from accessing corporate re- 
sources if they aren't properly 
patched. The new SMS will also 
be able to do proactive monitor- 
ing of variances from a desired 
configuration for a system or ap- 
plication, McGourty said. 

MOM v3, due in the second 
half of 2006, will support model- 
based management and enable 
IT administrators to monitor ser- 
vices being delivered to end 
users, Tatarinov said. It will also 
include features such as a “do it” 
button to enable IT staffers to
quickly act on the recommended 
response to an alert, and a role- 
based interface for different 
users, such as a local administra- 
tor, a remote administrator or an 
operator. 

- Carol Sliwa 





our world. Somebody’s going to have to
embrace this at the top and say, ‘This is
the direction we need to go.’”

Some IT managers didn’t even see the need
to spend time learning about DSI at the
conference. “Future dreams and visions
don’t matter to me. I’m [all about] where
the rubber meets the road,” said a
technology adviser at a large oil company
who also asked not to be identified.

Peter Pawlak, an analyst at Directions on
Microsoft, said that he doubts corporate
developers could or will do anything with
DSI until mid-2007, and that he doesn’t
expect “anything that resembles the DSI
vision” for corporate applications until
2008.

“I see little in the DSI road map that will
help them manage existing corporate apps
better,” he added. “The big thing
[Microsoft] needs to do is get developers
in, because there are no developers at this
conference.” @ 53950


In this issue: Microsoft's Jim Allchin
discusses the company’s Longhorn
operating system plans. Page 19


More online: Visit our Web site to read an
interview with Microsoft's Kirill Tatarinov
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Patently Fair 


AT LONG LAST, the U.S. Congress has taken up the con-
troversial issue of software patents. Last week, a draft 
of new legislation was publicly circulated, and a con- 
gressional subcommittee held the first hearings on the 
proposed law, whose primary purpose appears to be — 
wait, you may want to sit down for this. Its primary purpose seems 
to be to save Microsoft a half-billion dollars. 
Is that unfair? Well, maybe. Let’s say that one of the proposed law’s 
purposes is to overturn Eolas v. Microsoft, the lawsuit in which a jury 
in 2003 awarded $521 million to a company that said Microsoft in- 


fringed on its software patents. 


What, you thought patent reform was going to be good for you? 


Actually, it might be. Right now, software 
patents are one of the biggest intellectual-prop- 
erty pain points in the IT industry. And the pain 
pretty much crosses the usual divides. Big pro- 
prietary software vendors, open-source devel- 
opers and even individual corporate IT shops 
have to worry about infringing someone else’s 
software patents. 

And because of the way the system is cur- 
rently set up, it’s impossible to be sure that soft- 
ware doesn’t infringe a patent. Patents aren’t 
like copyrights, where you infringe by copying 
someone else’s work. With patents, you can in- 
fringe even if you think you invented a technol- 
ogy yourself. You may never have seen the in- 
vention whose patent you’ve infringed. 

In fact, you’re likely not to have seen it, since 
patent applications currently aren’t published 
while the U.S. Patent and Trademark Office is 
examining whether a patent should be issued. 

That means software developers are working 
in the dark, hoping they won’t run afoul of 
patents they don’t know exist. And if a patent is 
infringed, the patent holder pretty 
much has the infringer over a bar- 
rel. No wonder so many people 
have lined up against them. 

Of course, some of the people 
lined up against them also favor 
software patents. Case in point: 

Microsoft. The company likes some 
software patents, especially the 
ones it owns. It hates other software 
patents, particularly the ones be- 
longing to companies like Eolas 
Technologies that have been used to 
hammer Microsoft with lawsuits 
over the past few years. 





So Microsoft has lobbied hard for patent law 
changes. So have the Intellectual Property Own- 
ers Association, the Business Software Alliance 
and other groups, each with a slightly different 
agenda. The proposed law has a little some- 
thing for everyone — especially Microsoft. 

But that’s not all bad. Under the draft legisla- 
tion (which, remember, is a long way from be- 
ing law), it will be harder to prove that a soft- 
ware invention deserves a patent and easier to 
challenge the patent once it’s issued. Damages 
will be limited. It will be harder to get an in- 
junction that stops an accused infringer from 
selling its products. And all patent applications 
will be published once they’ve been in the 
pipeline for 18 months. 

There’s also specific language tailored to 
overturn Eolas v. Microsoft and eliminate any 
chance that Microsoft will have to pay that 
$521 million. Some surprise, huh? 

The one thing the new legislation won’t change is the existence of
software patents in the U.S. This version of patent reform pretty
much ends any hope that Congress will get rid of software patents.

We’ve had them for more than
20 years now, since a U.S. Supreme 
Court decision in 1981. They’ll still 
be a problem for software vendors. 

But the proposed law really 
could help clean up the process 
and limit uncertainty for software 
developers. They’ll have a fighting 
chance of avoiding software patent 
infringement. That should be good 
for everyone working on software. 

Even you. And, yes, especially
Microsoft.
Because They’re Servers!

Pilot fish has already been through a detailed data-security audit
for all 100 of the Windows servers in his care. Then the
Sarbanes-Oxley auditor asks for a list of network protocols
installed on the servers. Next comes this one: “If any of these
services or protocols are enabled for normal business operations,
I need
CASE STUDY:
A HIPAA Hospital Diagnosis

Facing important HIPAA compliance deadlines, a regional hospital in
the Southwest turned to Insight for help. The hospital wanted an
outside review to ensure its systems could pass the test.
Diagnosing everything from data backup and virus protection to Web
and facility security, Insight’s Secure IT Remote Risk Assessment
identified important issues, prioritized risks and proposed
solutions to solve them. Armed with this information, the IT team
can now focus its efforts to realize HIPAA data security
compliance.


www.insight.com/CW 
SECURING YOUR BUSINESS

IT security is a moving target. The systems and processes you
relied on yesterday may not provide the protection you need today.
But we can. Insight offers the leading security technology
essentials—firewalls, virus protection, appliances—with an expert
security team to help you identify and address issues throughout
your business. Our security specialists offer resources and
services such as remote and onsite assessments and monitoring to
help you proactively plan and Secure IT with confidence.
See how HP Services and HP Compliance Solutions can help you by
downloading IDC’s Identity Management: A Growing Player in the
Regulatory Compliance Challenge at hp.com/info/openview








